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(57) A system for permitting or^ an authentic user 
to play a desired application contamed in a distritxited 
application package in one <Kf predetermined operation, 
e g., free play mode, charged mode, lin«t-attached play 
mode, etc Tlie system apprises a cfient for playing an 
application under the control of a server connected with 
the dient through a communication network. The appli- 
catkxi package (the voliffne) includes a distrixjtion 
desaiptor which contains mode codes assigned to the 
volume and the appOcations of the volume. The data of 
distrtxition descrptor is decided and stored en ^e 
desaiptor at the time of dtstrftxition of the volun^. This 
feature mates the system f lexl)le. There is also dis- 
closed a system opemtable without oonvrunicating witti 
a server. 
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Dascilption 

BACKGROUND OF THE INVENTiON 

1. Field of the Invention 

The invention genendty rafales to a security system and. more specifically, to a method and system lor pemitting 
an authentic user to use charged information which has been distributed via package or transmission media vifhile 
charging and controlling the use of distributed charged information. 

2. Description of the Prior Art 

In Older to use charged information such as music, movies, games, elc. pf^^ 
vide various programs of such charged information, a user has generally t 

step), the user obtains a desired progr»n from one of the information providers by pirchasing a package mecfia such 
as an FD (floppy cfec), an optical disc (e.g.. CD-ROM (compact disc read only memory) 8n6 DVD (cSgrtal versatite disc 
or video disc)), €«c. on which the desired program is recofded (off-line distribution or obtaining) or by down loading the 
desired program from the server computer of an information provide' ttwough a pred^ermined prooecfejre (on-Tme dis- 
trd)ution or obiaintng). In case of the on-line obtaining, the user may either ptay the program while obtanng it (i a.. the 
tMo steps are executed in parafleQ or store tiie program while obtain!^ 

as the second step (or using step). In case of the off-line obtaining, in the second step the user IockIs the cbtssned 
recording metSa into an appropriate d&nce and directly plays (or executes) the program or once stores the proyam into 
tfie menwry of the device and then pla^ the pro^m. 

O^nese Patent unexamkwd pU)lication No. Hei7'295674 (1995) discloses a security system for use in the sec- 
ond or using step for a CD-ROM. In this system, tiie user can use encrypted information which is reooitied together wf^ 
a public key d a tdl center (a cemer pii)lic key) on a CD-ROM by encrypting with the ce^ 
code of desired program inckided in the infonnation and a user-generated key to tiw ^formation provider and by 
decrypting the information witfi an encryption key wttich hes been encrypted with the user-gener^ 
the infbrniation |[»)vkier. However, the identity of 

ott)er person's CD-ROM to use It Further, the center public key is pressed together with the enaypted eifonnation on 
the CD-ROM. This makes it difficuft to change the center public key. Also. tNs causes 

want to use diffierem center pubtic keys to forte the CD-ROM manufacti^er to use difforent masters (or stampers) in 
pressvig the CD-ROMs. 

Japanese Patent unexamined publicatfon Na Hei7-28851 9 (1 995) discloses a securi^ system for use in both the 
fast and second st«ps. However, this system is only appficable to a system in which charged infonnatfon is (fistrixited 
online. 

Japanese Patent unexampled puWwation Na Hei8-54951 (1996) disctoses a system in which the quantity of used 
software is monitored, and further software use by tiie user is inrpeded rf tiie quan^ 

Since a dedicated haidMare is necessary for inpecfing of software use. this system is only suitable for the use in a 
server in a on-line distribution system. 

There is also a system tor pernvtting a user to use, only for a trial period, soft^ 
data defkimg the trial period. In this system, a nrala fide user may mcto the software reusable by nstallaig the 
agatfi or setting ti^ user system ctock for a past time. 

There are these and other proems in the art. It is an oliject of #ie inverrtion to provide a system for p&'mrtting only 
an auttientic user (a user wtK) have legally obtatned charged information eHher on line or off line from an information 
provider) to use the charged Information wrtiiout any fimrtation, charging for each tinr^e of its use. or vntNn the tderaive 
of a use-limiting fector (e.g.. the quantity used, the days elapsed since the day of Its purchase or ttie curent date) 
according to the type of the charged information. 

SUMMARY OF THE IMVENTIQN 

Accorcfing to tiie principles of the invention, rt is assmied tfiat charged information or an application package is dis- 
tributed. either via package (or recoiding) media or via transmission media, together witii at least control infor ma tion 
such as a media titie and a media code. etc. However, an likistrBtive entxxfiment wiB be descrfoed mairtiy hi conjunction 
with charged information recorded on and distrbuted by means of ttie DVD. 

For any type of charged information, cfiarged rrformation has been enaypted witti a key and recorded on a DVD 
when obtatned by a user. If distrfouted charged information to be played is of the limitiessly playable type, ttie charged 
infonnation processing is achieved in the followtfig way: ttie key is first obtained in a user piAlic key-ancrypted fomn from 
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the DVD on which the key has been recorded at the time of &el)ffig the DVD: the user public key-enaypted key is 
decrypted wrth a user secreA k^ staed in a IC caid into a deaypted key; and the mxypted charged information is 
clecrypted with the decrypted k^ and oonsun^ (that is, played a oscaite^ Ihe user-pubic key-encrypted key 
be obtained on fine from the server serving the cfient (de^). 

s If distrt)uted charged information to be played is of the usage^ensftive charging type, the user is charged for each 
time of using the informatfon. tn this case, prior to processing the charged infonmation. the dient doUUe-encrypts and 
sends a user^ credit card nun^ to one of the to 11 servers of the provider erf the infonnation; the server adds an 
amoum (e.g.. ptay time a duratfon) used assodmed with the inforination to ^ 
field in a volume data table, and sends the updaM total amoum value to ^ 

10 total amount Then the dient starts the charged information pnx^ssmg. 

ff distrfouted charged in fo mi a fion to be played is of the limit-«ttached type, that is. the use of the information is to 
be tanited by the toiersice of a certain irmiting factor concerning the Information consumption, then the dient is permit- 
ted to consume tf)e charged infonmation ordy if the use-timiting factor is within the preset limit In case of tfus type of 
charged informatfon. prior to processing the diarged i n formatioa the cfient sends the identifier (tO) code of a user spec- 

IS ifiedappfication which is recorded on the DVD to the server: on receiving ttie ID 0^ 
fecta associated with the user specified appScafion is within the preset fi^ 

the test result, and the dient displays the test resuK:if the test was suocessftd, then the server y xfates the meter (or 
integrated value) <rf the use-limiting factor and serxfs the updated vafoe to the dient and in response to tfie receptfon 
of the MXlated value the diem displays the updated valua Then the dient starts the charged i^ processing. 

20 

BPIEF PESCRIPTPN OF THE PRAWINQ 

Further objects and advantages of the present inventfon wiH be apparent tnom 
f erred embodiments of the invention as illustrated In the aocorpanying drawings. In the drawing. 

25 

FIG. 1 lsabtockcfiagramshowinganarrangememofasystemforperiTvtlk>gausertousead8trt^ application 

padcage on the terms c4 use of the pack^ with a high«^ secur% aocofdtng to a ftfst 

^ivention; 

FIQ. 2 is a diagram showing an exemplary structure d an appfication (or a 
30 on a DVD used in the inventive system; 

FIGs. 3 and 4 are diagrams shouring. inadetailedfomi. exemplary data strudurBS of the volumedesoriptorS 
the distrtutfon desorfator 23. respectively: 

FIG. 5 is a ftow chfiui of a voluiTie ooritrd program for playing the appr^^ 
the pr^Kiple of the inventfon: 

ss FIG.eAisadagramshowinganexeriplarystructitfeof avofoniedatat^ 

FiQ. 6B is a dagram showing an exemplary structure of a appScatfon data ta^ 
FIG. 7 is a diaoiam showng a structire of a server table 75 stored n the EEPROM 10^ 
FIQs. 8A and 8B are f kw charts of initiat nxitines executed interactively by the cGent 2 and the server 8. respec- 
tively, at the beginning of the processes 650. 700 and 800. 

40 FIG. 9 is a ffow chart showing a procedure of a free play process shown as step 650 in FK3.^ 

adjacert blocks by two f kiw lin es incicates that each bfock is executed mteradively by a dient and an assodated 
server: 

FIGs. 10A and 10B are ffow charts jointly showing a procedure fonned of exemplary ei^^ 
routines interactively executed: 
4S FIGs. 11 A and 11 B are flow charts jointly showing a procedure formed of exenplary timed play and metered usage 
report routines interactively executed for playir^ an appficatfon while timing the duration and displaying a timed play 
duration after the play; 

FIGs. 1 2A and 1 2B are ikm dwts jointly showing a procedure formed of exenplary timed appGcation-play subrou- 
tBies ntenactivdy executed for playing the application wf^le timing the duratfon; 
60 FIGs.13Aand13B are fk^r charts jointly showing a prxedure formed of stftemative timed applicatfon-play subrou- 
tines interactively executed in whichtHning of play tkne is achieved with afimer m the dient; 
FIG. 14 is a flow diart of an 6xemp^ryappIk»tion play subroutine called In d 12Aeid 
13A. respectively, and executed by the controller 100; 

FIG. 1 5 is a fkjw chart shewing a procedure of a charged play p»tx»6S 700 shown ^ FIG. 5. 

55 FiGs. 16A and 16B are ffow charts jointly showing a procedure fonmed of eioanpUvy expected charge inforirwig 
routines interactively executed; 

FIGs. 17A and 17B are flowcharts joiritty showing a procedure formed of routines interacts 
650ofFiai5; 
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FIQe. 18A and 1 8B are f Iw charts joirilly showing a procedure formed of exemplary timed play and metered chaige 
report routines interactively executed for pleykig an application while limkig the duration and displaying a chaige 
and a total amount of charges after the play; 

FIQ. 1 9 is a flow chart showing a procedure intemctively executed by the dient 2 and the server 8 in ^ operation 
bkxk 800 of FKx 5, wherein Ijlocks connected wtth two flow fines ridicates that operation of the l)lock5 is done by 
tt>e two elements 2 and 8; 

FtOs. 20A and 206 are a Key-encrypting key table and a users public key table, respectively, stored in the server; 
and 

FIQ.20C 18 a ftow chart of a process for obtaining the ^apTication encryptnng key from the server 6; 

FIQ. 21 is a tiock diagram of an exemplary decrpherer-^ih-oi IC card IF according to the invention; 

FIG. 22 is a diagram showing a decoder used in place of the decoder 126 of FIG. 21 in a system 1 using the 

cryptosystem of FIG. 20C: 

FK3. 23 is a diagram for oqsltining the meanings d the terms-olHJse 
ues; 

FIG. 24 is a block diagram showing an arrangement of a system for ple^ng a disirbuted application package on 
the terms of use cl the package wrthoijt communicating with any server accordi^ 
ment of the invention; 

FIQ. 25 is a flow chart schematically dewing an exemplary control 
in Fia 24; 

FIQs. 26 ffiid 27 are f kiw charts showing an operatnn of a free play mode shown in step 650a of FKaL 25 in a 
detailed form and a further detaded form, respectively; and 

FIG. 26 is a flow chart showing €ffioperatk>n of a Hrnrt-sttached play mode sh^ 25. 
PgTAIlED DESCRIPTION OF THE PREFERRED EMBODlME^^^S 

For the sake of better understancfing of the fdiMing desaqstk^ 

Charged infomiation provided by an infomiatkm provider nri^ 
line (in on-line (fistrisutkxi). In off-ilne distrtxjtkxi. the charged infiormatkan is recorded on package media at recording 
mecfia, and distributed through the sales network of the provider, that is. sokl at stores in the series neNvorle The pack- 
age media incfajde all sorts of portable reocKding media such as vanous types of ma^ietic discs, a variety of optk:al 
menwy discs (e.g.. CD. CO-ROM. DVD), and magnetk: tapes and cartridges, to orHine distribution, the charged Infor- 
niatton is transmitted via transn^'ssion meda from the servers at the service 

aligned with the provider to the dient device (e.g.. PC (personal computer)) of the user who requested the charged 
irtfomiatioa and stored in a recoiding media of the client (device). TYie transmisston media inctode ariy teleoonvnwii- 
catton channels which pernriit data communkstxm between the servers ^ 
the transmteston media are hereinafter refenred to en btoc as *distrt)ufon mecfia*. 

The charged fnfamation may be any type of software such as mi^. movies, games, etc wtvch are each referred 
to as an 'appficatton" without discrimination. The distribution unit of charged intornvttton is referred to as a "charged 
information pactage* or an "appTicatton package*. There may be included one or more appEcafions on an appiicatton 
package. 

The presem invention relates to a system for pern^ng a user to use a dSstrijuted 
of use of the package with a hitler security. 

Embodiment 1 

For the purpose of simplidty, a first ifiustrative embodiment wii be described in whk:h padage mecfia. among other 
things. CVDs are used asdistributton media* 

FIG, 1 is a btock diagram showing an amangement of a system for pemnitting a user to use the appricatk)n(8) 
recorded on a DS/D on the teme of use of the DVD with a higher security acoordhg to t^ ilkistrative enixxllment 
of the inventioa In FIG. 1 . the system 1 comprises a dient or DVD player 2 whfch plays a DVD 3. a telecommunttatkm 
network 4, and a server 8 at a tdl cemer of the provider 6 wt^ provides the applicatnnpadcage of the ^ 

FIG. 2 is a <fiagram showhg an exemplary structure of an appKcatkn (or a charged informatRXi) package 20 
recorded on the DVD 3 used in the inventive system 1. In FKl 2. the application package 20 comprises at least one 
application 21. a vokime (or package) desaiptor 22 conprising data concernng the applk:afion pad«ge20. andadis- 
trt)utk>n descriptor 23 comprising data which is detenrvned mainly at the fime erf. e.g.. cfetributnn or sales after tfie 
pressing of the DVD 3. rnie volume descriptor 22 and the distribution descr'i^ 
ofthevokime20.)lnthis enrt)0c6rriem it is assumed that a ^nie (or package) contrd program whkii a 
of the applk»tion padege 20 in coQpemtion with the server 8 is incU 
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20. Thus, the applk:ation package 20 further oomprtses the package control program 24 suited for the terms of use of 
the package 20. The app&catkm(s} 21. the volume desaiptor 22 and the package (or vdime) oontrol prog^am 24 are 
recorded m the data area of the DVD 3 at the time of maruitacturvig the DVD 3. while the distrixilion descriptor 23 is 
recorded m the burst cutting area at the time of, e.g.. sales of the DVD 3. 

5 FiOs. 3 and 4 are diagrams showing^ in a detailed form, exempiary data stmctures of the volume descriptor 22 and 
the distrMxition descriptor 23. respedivety. In FIG. 3, the volume descnpta 22 at least contains a vokjme identifier 
(VIDv) 25 which the title of the app^cation pad«ge 20 is prot)abiy used lor and which is the same as the application 
kientifier if the package a volume 20 contains only one ^icatkm; a provider ideitiffer 26; votume creation date and 
tffne 27 wfMi may b& used for ttie base point by which volume expiration date and time as de8crfl>ed tater ts deter- 

10 mined; and volume effective date and time 28 incficative of date and time untfl which the volune 20 is available. If the 
volume 20 contains more than one applicatkins, tfie vdume descriptor 22 further contains a^jpficatton identifieis 
(AIDa's)29. 

In FIG. 4, the dtstnbutioi desa'ptor 23 comprises the fieds of: a volume issue number (NOy^j) 30 whkti contains a 
serial rximber giv^ to each of the distrtxited application packages of ffii identical vdume identifier (vohmie ID or title) 

16 VIDyln the order of distribution; a server public key (PKJ 31 the data of whKh is given by the server 6 at a toll center 
of the provider 6; a PKy (u8er-publk>kBy}-enaypted appHcation-encrypting t«y (Ky) 32; and sates date avi time 33. The 
keyPI^31 field contams a key which has been used in encrypting each ^spEcatkyi 21 in ttie package ^ and which 
has been encrypted with a user public key (PKJ d the user who has legally obtained the p^ 
are recorded in efl of the fiekte 30 tfraigh 34 at the time of distribution of tiie pad^ 

20 the DVD 3 in this embodiment. 

The distribution descriptor 23 furttier comprises the f iek! 34 of terms^rf-use code (mode code) plus limit value for 
the volume (ffw volume \Mt value field) and. for each of tiie application IDs 29, tiie fieUs 35 of terms-of-use code plus 
lirrit value for the application ID 29 (apptication limit value field). If terms of use are set only to the volume 20. tiiereis 
no need of the field 3& If terms of use are set to each applkiatkMi. the field is enptyi 

26 FIG. 23 is a diagram for expi^ning the meanings of tiie tenns-of-use (TXXJ) codes and the oonespondtng fimit >«l- 
ues. In FIQ. 23. the terms-of-use code may be, e.g.. one byte In length. The higher digit (X) of the TOU code sicficates 
the target to which the terms of use is applied as shown in table 36. That is. higher di^ of 0. 1, 2.... tndrcate tfiat the 
TOU codes beginning with those 6^ are for the enta'e volume, plication 1 . €q;)plication 2 and so on. The kswer di(0 
(Y) of the above mentioned tenn&ofHse code indicates tiie terms of use of the paoteige 20 or the appication 21 to 

30 which the code is set and isdirectiytollowedt>y a corresponding lin^ value as shown in table 37 of FIG. 23. Spedficaly. 
the tenns-of-use code (or TOU oode)of OOH means, for eocample, that the vdume 20 is usable freely after (fistrt^^ 
The value 31 K means, fbr example, that the applkationS to which the TtHJ code is can tw used t>y paying per unit 
of play duraticm. The lower digit of 2H or more means ttiat tiie volume 20 a tt>e application to which the TOU code is 
set can t>e used freely unti the conesponding limit value are reached, wt^ disables furtiw use. As seen from ttie 

36 table, the use-fimrting factors deterrrined by the TOU codes whose tower digits are 2H to 5H are the current dato and 
time, the e)qMration date and time, ttie amount of used period, and the access count respectively. 

Since the data of tiie dislrixrtion descriptor 23 can be set as descrtoed abo^ 
the users wHh morefleDdbility ttien conventtonal system can provid& 

Again in FIG. 1 . tiie DVD player 2 oonprises a controller 100 for oontroiing the entire DVD player 2; data bus 102 

40 connected witii tiie not^shown CPU (central processHig unit}, not-shown ROM (read-only memory). RAM (random 
access m^nory) 101, and EEPROM (electrically erasable programme BOM^ 103 included ai tiie contrdler 100; 
human interfaces (IFs) 1 10 induding input d&^ices such as a keyboaid. a voice recognition device, a mc^se, a remote 
controller, eto. ; an IC card interface (IF) 120 for connecting ttie bus 102 witti tiie f%M (nc^ shown) si a IC card 5; a DVD 
driver 130 for reedkig out the data recorded on the DVD 3 and for demodulating ard error-correcttng the read data; a 

45 video and audio output IF 1 40 for receiving a MPEG 2 bit stream and ou^putfing a video and audio output signals; a 
display device 1 46; a loudspeaker 1 48. and a communication IF 1 50 fbr communicating through ttie public tdecommu- 
nkstion network 4. The IC card 5 stores a user's password PWu and a user's secret key SK^ which conesponcte to ttie 
iisets public k^ PK^ mentioned in conjifiction witii ttie PKy-enaypted AP-encryptsig toy (Ky) contakied k\ ttie f idd 32 
of ttie distrfoution descriptor 23 recorded in ttie burst cutting area of tiie C^VD 3. The video and aucfio output IF 140 

60 indudes a MPEG 2 vkleo decoder 142 and a MPEG 2 audio decoder 144. 

As for obtaining the DVD 3. ttiere may be some ways. If one is to buy a DVD 3. e.Q.. at some book store or ttirough 
mail order, he a she has to have ttie PKu*encrypted version of an appTication-encryptng key (K^) recorded in the burst 
cuttffig area of the desired DVD 3 by notifying his or her publk: PK^ which corresponds to his or her secret key SK^ 
stored in ttie IC card 5. If one is a member of a DVD detribution service, he or she cam obtsmi a OJO witii a PKu* 

55 encrypted AP-encryptkig key recorded without notifying ttie PK^ each time of obtaining because he or she must have 
notified ttie PK^ when he or she applied for ttie service. 

In operation, ttie user first sets a desired DVD 3 in ttie D\^ driver 130 of ttie DVD pla 
mand to the DVD pl8^ 2 through an appropriate human F 110, In response to a receipt of tiie start command, ttie 
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coTtroller 1 00 reads the voJune control program 24 from the data area of the OVD 3 through the CVD dswer 1 30 whHe 
loading the read program 24 into the RAM 1 01 of the controfter 1 00. and then eKBcUe& the volume control program 24. 

FIG. 5 Is a fbinr chart of the volume control program 24 for playing the S9ip6catk)n($) 21 recorded on the DVO 3 
accoiding to the prkic^ of the invention. In Fia 5, the controller 100 f»«tf>ecks the AID 1 field to see if the volume 

5 20 contains a single ^ication in step 500. If not then the controller 1 00 displays the application IDs in the field 29 and 
prompts the user to select a desired one of the applicationB in step 502, arvl waits for the selection in step 504. If any 
application is selected in step 504, the controller 100 registers the application ID of the appScation as the application to 
be pl^ in step 506 and proceeds to step 508 to check the field 35 d the term&<ifHM 
the selecM appliG8tk)n to see If the field is empty. K sa the oomioBer 100 p^ 

10 field 34. 

On the other hand. H the test result is YES in step 500, then the cornier 100 registersthevolimie ID as the appli- 
cation to be played in step 512, and reads the voliime Nmit vakie 34 in step 510. 

If the step 510 is completed or the test result d step 508 is KO, then the oontioner 100 chede the tenrns-^^ 
(TOU)oodetoseeiftheloiwerdioitoftheTOUcodei50i^ 100 plays tti ^ication 

16 freed charge in stop 650. and othenmee makes another check to see if the 1^ Instep5l6. 
H so. the controller 1 00 plays an application in a usage-sensitive charging in step 700, and otherwise Of the bwer cfigit 
dthelOU code is 2 or more) play an ^k»tk)n only when the software mrterd a use^lmi^ 
value ki step 800. On con^eting any d the steps or processes 650 throuj^i 800. the controller 100 ends the program 
24. Thus, the DVD player 2 plays a pro^nam specked by the user acoordN^ 
20 code which has been sd to either the apptk»toi package or the specT^ 

The processes 650, 700 and 800 are eDcecuted imeractivdy with an assod 
ous data fd executkig these processes, and store such daAa in the kxm d tables. 

FIQ. 6A is a dla^am showhg an exemplary strudire d a vdime data table stored in a server 8. In FIQ. 6A, Each 
d the records d the vdwne data table 60 conprises volume ID (VIDy) and issue 1^. (hK)^ fields. The combmatio^ 
ss VlDv and NO^^ serves as the user ID d the user d the applicalm package 20 a t^ For tNs reason, the table 
60 has» for the inembere or subscribers d OVD didrixitkm service a the li^ 

example, a member ID. a name, an address, etc. Each record further conprises a vdinne minute meter field (VM- 
METEfVi) containing a software meter d play duration in minute whfch is attached to (or associated with) the volume 
20 ; a vdurro charge meter (VC-METE J oontaHiIng a softwa-e charge meter wt»ch is attached to the vdume 20 : a 

so limit vahie (LVv.|) containing a timit value associated with the TOU code (eg., the effective date and tBne, the viewable 
expiration date and time, the allowable access, etc.); a limit value meter (LV-METEfVi); an ipptotion ID (AIDv+J fidd 
containbg the title d the appScation: an applkatton nwmte meter (AM-METEf^tJ field contaimig a softwa-e meter d 
play diffalion in minute which is attached to the apptk:atkMi d AIDy^^; an appiicatton chaise meter (AC-METEfV4«) 
field lor a software nwler d play duration in minde whki) is attached 

35 containing a limit vahjeassocirted with the TXXJ code; and a fimtlvak^ 

FIG. 6B is a diagram showing an exemplary stmctured a ^icatk)n data t^staedff) a In FIG. 6B« 

the applicatton data lade 70 comprises the fields d. for example, an ^ication code (ACODEJ. an ^^pfication title 
(AID J. a duration (D). a rate-per-access {RATBACCESS), an access count, a mimite meter, ete. The duration is a 
period d time what it takes to play ^e application. The rate per access is a charge for a play d the whole {^cation. 

40 which is used for infomiing the user d an expeded play duration pitor to a play. T^ 
unit time d day, which is used for the cakaJation d a charge for an actuafly t^ 
minde meter fields contains the nimber d aocesses to tfie appTication an^ 
necessary for the presed invention bd win be used in statistical cakal^^ 

FIG. 7 is a diagram showing a structure d a server table 75 stored m the EEPROM 1 03 d the client 2. In RG. 7. 

45 the fields d the table 75 comprises a server puWic key (RKJ. a server ID (SIOJ, a server net¥wrk address (SADDJ, 
etc. this table 75 is used for associating the sever public key (PKa) contained in the dstnbdfondesc^a 23 recorded 
in the burst cutting area d the DVD with the ID and the network address. 

Play an Applk:atfon Free d Charge 

so 

The initial routines dthe processes 650. 700 and 800 are the same. 

FKBs. 8A and 8B are ffow charts d biitial routines 60a and 80b whKh are executed interactively by the client 2 and 
the server 8. respectively, at the begkinhg d the processes 650. 700 and 800. In FIG. 8. the contrdler 1 00 d the cfient 
or the DVD 2, in step 82. sends a sennce request with the network address CADDcdthe cfi^or DVD 2. the TOU code 
S5 pkjs limH value, the vdume ID (VIDy). the issue number (NOyJ. the appKcatfon ID [MD^,^. mi other data to the asso- 
ciated server 8 the ID d which is SID, (SIDe is obtained from the taWe 75 in FK3. 7 by using the public key recori 
the DVD 3). and in step 92 waits for a response from the server (SIDJ 8. H there is a response from the server (SIDJ, 
the cTient 2 proceeds to the next step through a drcle with *A- therein. 



6 



EP0840194A2 



On the other hand, in FIG. 8B. the server 8 of SlDg receives the message from the client 2, that is. the service 
reediest and the aoccmpanying data and stores date ki a predetemiined location for stbsac^jent use in step 84. Then, 
the server 8 searches the table 60 for a reooid ivtvch contains VID^ and NCV^ in the volume (D and issue Ma fields 
thereof, respectivBfy in step 86. If the search is unsuccessful, then the server 8 adete the record for VIDy and 

5 fils rel8vamfiekfewHhA(Dvu^a and a (krvt value, if any, Also. Ifthe 

search In step 86 is succe^fid, the server 9 proceeds to step 90. where the server 8 setects a routine to execute next 
according to the value of the TOU code and emeis the selected routine tN^ug^ IntNscase. rf 

the TOU code » xOH (x: an artutrary HEX number, the letter H h tf>e last position indicates that the preceding number 
is in hex^ectmal). ttim a roi^e for playing an applicatKm free of charge is selected. K the 10U code > xlH. then a 

10 routm for playing an appfication in usage-sensitive chaiging is selected. If the TOU code ^ x2H, then a routine is 
selected iMhtch plays an €93plicaAion only if the softw^ 

FIG. 9 is a ftowc^ showing a procedure of a free piay process shown as step 650 in FKa. 5. wherein connecting 
adjacent bbdcs by two flow lines incf cates that each block Is executed interactively by a cSot of CAODc and an asso- 
ciated server SID, as diown in detafl lat^. the TOU code is 0 in step 514 of Fia 5. eien the sender (CADD J enters 
15 the free play process 650 as shown in FK3l 9. and the cfiem and the sen^(SIDJ execute the in^ 

660. In block 670. they executes an expected play time Infonning routine, that s. displays an Q9>8cted play time before 
playing an spec^ied appfication. in btock 680. they execute an application play and metered play time report routine. 
Since the noub'ne 80 has been detailed ffi FIG. 8. the expected play tinie infonning routme and the app6cation pteiy and 
metered play time report routine will be detailed in the following. 

20 FIGs. 1 0A and 108 are flow charts jositly showing a procedure formed of e}^nplary expected play time informnig 
routine&97aand97binteracthfdy executed by the client 2 and the associated server 8. respectively. In FIG 108. the 
server 8 retrieves the duration (Dn) of the application of AIDv4« from tie t^e 70 in a «^ 
the next step 92. the senmr 8 ctioulates an e}9)ected total amoum of play firm 
SpecTtcally, if the TOU code is OxH. thOT the dient adds the duration (On) and ^ 

26 reoofd identiTied by VlOy and NKVi in the table 60. H the TOU code is axH (a: the application rejmber d the spedfted 
appfication in the volume), then the cSent adds the duration (D^J and the value of the AM-METER^ fteld of the record 
ident^ied by VID^ NO^.!. and AID^.^ in the table 60. Then the server 8 sends the result to the cfient whose network 
address is CADD^ in step 93. and ends the process. 

On the other hand in FIG. 10A. the cfient 2 recoves the incoming messc^ or the vahie of tfie Mpdated meter in 

90 step 94. In the next step 95. the value is dtepl^yed as the total annount of usage. Tb^ 
In lipdatng a relevam meter, a predeAernwied value of 
1 0 (a preset value metering system) . This anrangement is suited mainly for such appTications as it t^«es a constant time 
to play, and wil not cause a prQt>lem unless the user discontinues the p(ay. from this point of view, it is prefers^ to 
actuafiy measure the playing fane in metering (a timed value metering system). However, it is also noted that the preset 

55 value metering systm is usefU in infonming the user of expected play tone pria to an actuti playing. 
FIGs. 1 1 A and 1 1 B are flow charts jointly showing a procedure fb^ 
report rou&ies 675a and 67Sb Interactively executed by the client and the server, respectively, lor playing an appfication 
while timing the duration and (£sptaying a timed play dUiatkxY after the play. In the routkie 675, the client and the server 
call a timed applicationii^y subroutine for playing the application wli9a timRig the duratk)n (play time) in step 200. 

40 Then the server 8 proceeds to step 210. where tfie client updates a relevart meter aocorcSng to tfie TOU code m 
the same manner as in step 92 of FKx loa Spec^icafy. if the TOU code is QxH, then the play tone is aided to the va^ 
of the VM-METEfVi field of the record identHied by VIDv and NO^, in the table 60. If the TOU code is axH (a: the appfi- 
cation niffnber of the specif ied application in the volume), then the pl^tinne is added to the value of the AM4^ET¥R^ 
Infield of the record identified by VIO^ ^K}«M. and AIDv4« in tte 

45 value of the updated meter (i.a. the total amoum of play tinM) to the diem whose netwo^ 
212, and ends the process. 

On the other hand, the diert 2, after step 200. make a test to see if there is a response from t^ 
step 21 4. This step is repeated until the dient 2 receives a caH from the server 6. when the client 2 receives the incom- 
ing message or the value of the updated meter in step 216. In the next step 218. the client 2 (fisplays the play fame and 

60 the total amount of play time, and then ends the routine 675. 

FIGs. 1 2A and 12B are f kMr charts jdntly showing a procedure fomned of exenplary timed appication-play subrou- 
tines 20Sa and 205b executed ttie dient 2 ml the server 8, respectively for playing the appBcatkxi while tinwig the 
duration. The server 8 of SID, waits for a notice si step 611 to see if the dient has started playmg the application. On 
the other hand. thedient2of CADDc informs the server of a standptey^dep 610 and iniiie(£ataly call oi^io 

65 play subroutine in step 612. This, causes the server 8 to start a timer in step 613, arvi waits for a notk^ 

from the cfient 2 in step 61 5. On completing the step 61 2, the dient krforms the server 8 of the stop of play in step 614. 
In response to this notice, the sen^r 8 stops and reads the tirner as the pley tinw in step 61 7. After ste^ 
the dienl and ttie server return. 
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Though the above described arrangemem has used a tkner of the server, it mc^ be poeelsle to u&e a 
client. 

FiOs. 13A and 13B are flaw chals jointly showing a procedure formed of €tflemative ftned appiJcation^ si^rou- 
tines 205ac and 20Sbc interactrvely executed by the dient 2 and the servers, respectively, in which tiniHig of play time 
is achieved with a timer in the dient In the ^erative subroutine 205a. the client 2 starts a tvner in step 620. calls an 
application piay routine in step 622. stops the thner in step 624. sends the play time to the sender 8 in step 626. and 
then returns. On the <^er hand, th e server 8 . on entering the subroutine 29Sb. waits for a caU from the dient of CADDc 
in step 621 if there 18 a call from the diem 2. then the server 8 receives the play t^ 

However, the anangement of FIG. 1 3 has a posstoiHty of pennitttng a mala fde user to mar^xilale the timer of the 
cHent 2. Rom tNs porrt of view, the anangement shown in FKS. 12 is preferable to that of RG. 13. 

FIG. 14 is a flow chart dan exemplary app6catk)n play subroutine caBedtfi^ 12A€uid 
13A. respectively, and executed by the controller 100. 

Pfia to the descrption of the flow chart m defhe some notation concern^ 
ing X vnth a key EK according to an encrypting algaithm e yields X ^ 

e(EK.X)»Y 

Simiarly. if decrypting Y with a k^DKacooRtng to a decrypting algorithm d yields Z. then H is expressed as: 

d(DK.Y)«:Z 

Assuming that the aigoriftvns e and d and the keys EK and DK correspond each oto 
that 

d(DK;e(EK.X)).X 

Returrang now to FIG. 14. the controller 100 read the PKu-encrypted appKcation-enorypting (AP-encrypling) 
(Kv) a e1(PKu. Kv) from the ffled 32 of the distri)ution descriptor ^ 

v-1.2 V. 

where V is the number of kinds of the ^ication padoge. indi^ 

through is assigned to respective Kinds of appfications. that is. vdune VI01 through VID^. 

In the next step 604. the user secret key SK^ is read from the IC can;! 5. In the next step 606. the PKu-encrypted 
AP-encrypting key e1{PKu. K^) is decrypted with the user secret key SK^ to obtain the ^ication encrypting key Kt 
Then in the next step 608. the li;-encrypted application (AP), i.e. . e(l^ AP) whk4i is recorded on the OVD 3 is decrypted 
with the obtained AP-erxrw^ng key to obtain d(K^ e{K^ AP)) - AP . wt^e passtfig the obtained applwatk)n data 
to the video and audio output IF 140. The obtaried appicationdatahasthelbrmof an MPEG 2 bit stream. The vkteo 
and audio output IF 140 converts the MPEG 2 bit stream of the application data into video and audo output signals 
ttvough MPEG 2 video and audio decoding. The vkieo and audio ou^xri signals are app6ed to the display device 146 
and the kxjdspeaker 148. respectively. 

Play an AppKcation in Usage-sensitive Charging system 

FIG. 15 is a ftow chart showing a procedure of a charged play process 700 shown as step 700 in FIG. 5. wherein 
connedtng descent bk>cks by two fk>iv Ibies tndicmes that each blodc i^ 

an assodated server of SID,. In Fia 15. the dient 2 enters the process 700 via step 516 of FIG. 5 and proceeds to 
block 630, where ttiecSem 2 and the associated sender 8 execute the initial routm In tfia next bk>ck 640. the dient 
2 displSQ^ an expected charge and a total amount of charges received from the server 8, and let the user decide 
whether to play the desired applk»fon. 

FIGs. 16A 16B are fksw charts jokitly showing a procedure formed of exemplary expected charge informing 
routines 640a and 640b int«Bdively executed by the dient 2 and the associated server 8. respective. TT>e routines 
640a and 640b are very similar to the routine 97 except that in the routine 640. the DURATION (DJ or T^iay time" has 
been replaced with RATE PER ACCESS and "charge^ between steps 92a and 93a. thv e tvis been added a step 641 
of the server generating and storing a pseudo random nuni)er R In a ineniory k)ca1k^ 
the pseudo random nunter R as wefi; between steps 94 and 95a there has been added a step 643 of the di^ 
the received pseudo random number R in a memory locatnn R" for subsequen use. The replacement of DURATION 
(D„) with RATE PER ACCESS is achieved by accessing a RA1¥ PER ACCESS field 74 instead of a DURATION field 
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73 in table 70. Fuither. h me routine 640 there have been added the folowing steps: in step 644 foDoviring the step 96a, 

the dtent 2 makes a check to see if the userdecde5toplaytheappecatk)n:if not.thecientaseridsacMtniessage^ 

the server erf SAODe in step 645. and ends the routine 640; on the other hml. in ste^ 

server 8 d SIOs waits for a caD from the cCem 2 d CADDc; on reoeh/tng a C8^^ 
5 check in step 646 to see if what has l^een received is a qti) message; if sa the ci^ 

user decided to play the appScatkKi in step 644. which nieanslhm what tfie server has received is not a quit rnessage 

but an encrypted aedit caid nunto as seen from the descrption bekiw. th^ 

the step 650 of FKx 15. 

In the next block 650. the server 8 obtains a usei's aedt caid niOTber (C^^ 
10 security of the cafdnunnber as shown in FIGs. 17Aand17a In step 647. the dienl 2 encrypts the crecfitcaidmimber 

oftheuserwNchhasbeenirputbytheuserffvoughahumanlF 110 with a key. Le. the pseudo randm runt>er R 

whk;h has been stored in a memory location R" in step 643 of FIG. 16A to obtain e2{a CX5N0u). In the next step 648, 

the client 2 further encr^ R ^ e2(R. (XNOu) with another key or a server public key read from the distrftiutkyi 

desaiptor 23 recofded in the burst cutting area of the DVD to obtain 
16 e1(PK«. R -¥ e2(R. CCNOu)). 

In the next step 649. the diem 2 sends the encrypted data to the server 8. ThroiQhste^ 16B. the server 

proceeds to step 650. where the server 8 fncte that what received from the diem CADD^ is eriory^ In the 

next step 651. the server 8 reads a server secret key SKq from an iCcaid 7. in the next step, the server 8 decrypts the 

recdved encrypted data with the server secret key SK« as fo(k)ws; 
20 d1{SKB, encrypted data) « d1(SKe. el(PK„ R + e2(a CCNOu)) « R ♦ e2(a CCHOu), 

In step 653. the server 8 makes a check to see if the just obtained psoido rarvk^ 

nunr<)er R wtvch has been stored in a nr)enK)ry kx»1k)n R* d the se 

the cfientdCADD^ ml in step 656 decrypts e2(R, CCNOu) with the pseudo random rwt>er R to oblain ^ 

aedit card nunt>er CChlOu. On the other hand, in response to a reception d the « 
2S 2 exits from the process. Alter step 655. the s«ver also exits from the process.!^ 

server 8 sends a disable message to the dient in step 656. and ends the process. In response to a reception d the dis- 

able message in step 657. then the diem cfisplays a message to this effed tn step 658. and th^ ends the process. 
After operation dbkxi< 650, the diem 2 vvaits. in step 663. for a report from the server on whether the aedit can^ 

Id the transmitted card nunnber (CC^Ou) is vafid or not while the sender 8 refm 
30 the card number s step 661 toseeiftheaeditcardisvalkJ.if not.theserver8infonrathecliert2dtt^ 

the credit card in step 662, and ends the process. If the card is vaU in dep 661. the server 8 Morns the cfiemd the 

vafidHyin6tep667. If the diem 2 receives a report from the server mdep 663. the diem md«s another di^ 

664 to see H the report indicates the validly d tie card. If not. the diem display a message to sKficate the invalidity ri 

dep 665. and &ids the process. If the report indicates the validity in step 664. 
55 then the diem 2 and the s^^ 8 proceed to the next dodc 670. 

In dep 670, the cfiem 2 and the server 8 execute timed play and mdered charge report routine. FIGs. 1 8A and 1 8B 

are f fow charts jdmiy showing a procedure fonned d routines 675ac and 675bc niteradivdy executed for playirx) an 

appKcatfon whie toning the duration and display a charge and a tdal amoum d charges after the play. In FKB. 1 8. 

the routines 67Sac and 67Sbc are kientkad to the routine 67Sa and 67Sb in FIGs. 1 1 A an^ 
40 been replaced with "charge*, and accordingly VM-METER and AM4CTHR have been replaced with VC-METER and 

AC-METCR. 

The operation, in the diem 2. d playrng an appfication on usage-sensitive changing is oonplded by bfock675 d 
Fia 15 or step 218a dFKa. 18A After dep 212a the server 8 charges the play to the aedit card nijTi>erC^ 
obtained in step 655 d FIG. 17Bki dep 680. This oonrpletes the whded the charged appficalk^ 

46 15. 

In ths process, only irAymation on charge is given to the user. It is very easy to provkie infonrarlkyi on both time 
and charge by adding steps 91 through 93 and 95 to the routines 640b and 640a, and by adding steps 210 and 21 8 to 
the routines 675bc and 675ac. 

As descnbed above, expeded time and/or chvge are 0&) displayed before playing a user specified appicatkxi. 
BO This is hefeTf ul for the user to deckle whdher to play the application. Additionally, charging is done based on tfie actually 
tkned play duratfon. This makes the charging reasonable. 

In the above description, the arrangenriem is such that the user has to 
each time he or she wants to piay an appTication. However, indeaddddng this, the aedit card number C(>IOunriay 
be stored in non-vdatile memory or EEPROM 103 in a PWu-»icryptod form. In this case. CCNOu is obtained 
55 decrypting PW^-enaypted CCNOu (e.g.. e(PWu. CCfslOu)) with a password edered by the user. That is. d(emered 
password. eCPW^. CCNOu)) - CCNOu. 
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Permtt the Play WHhin a Preset Unit 

FIG. 19 is a ftowctwt showing a procedure rmeracthrelyexecm 
block 600 of Fia 5. wherein bkxks connected two flow lines indicates that op&Btion of the blocks is done t>y the 
5 two elemerTts 2 and 8. In this case, it is assumed tat a preset limit is recorded in or on the i^ica^ 

transmitted from diem 2 to server each time of play. On entering the process 800 via step 516 of FiO. 5. the cfient 2 
proceeds to step 801 . where the diem 2 and the server 8 exectrtes the iriitial 

if there Is a record for VID^ and NOy.^ then the ItmH vtf ue (LV^i) field of the table 80 of FKa. 6A oomai ns the lirrvt v^ 
transmitted from the diem 2, othenwise, ttie received limit value is stored in the LV^ field when the record lor VIO^ and 
10 NOv^ is added in step 88. 

In step 81 0, the server 8 makes a check if a meter assodated wim the 7DU code receK^ 
the IMt value. This check is made t)y comparing an LV fieki a^ 

GO. if the value c« the LV'nr«ter is equal to or greater than the LVfieW value* then the sen^rete^ 
sage to the dierit 2 in step 820. If not, the server 8 retim an undedimit message to t^ 
16 ceeds to step 828. If the diem 2 receives the overlknit message in step 824. then the diem 2 cfisplays a message to this 
effect If not the diem 2 proceeds to the step 828. 

Since the expected play time infonrnvig routines 97a and 97b and the application play subroutne 600 has been 
desaibed abov«. the description of steps 828 and 830 are omitted. 

According to tNs feature of the invernkxi. it is possi)le to limit the use of charged in fai n a fon. TOs feature is espe- 
20 daily useful in case when a user who have paid in advance for the use of the appl^^ 
the application package within a limit value. 

Though H has been assumed that the limit values are induded in the applcatbn package, the limit values may be 
kept in the servers of the provider or dtsfrtouter from the beginntng. In ttns case, the Isnit values are fixed. However, if 
limit values are permitted to be set and recorded in the appKcatkxi padage at the time of distrflxrtk)n or sales, the limit 
2S values are advantageously set aooordng to an amoum paid 

As is apparem from the foregoing, as a limit value, ariy use-limiting factors wUI do that can be measured in quantity. 
Such IMt values are, for exanple. the effective dato and time, the aUowabfe exptralton date and lime, the maximum 
amoum of piay time, the afiowable access count 

It is also possasle to combine this feature with a charged application play feature. That is. an anangemem nr«ty be 
30 such that the user is pemiitted to use an ^k:ation padcage on usage-sensitive char^png only the value of an LV- 
meter assodated with the TOU is under the value of the conesponding LV or the va^ 
tlie distrtxjtion descriptor 23. 

Modiffoafion 1 

36 

In tiie BbcM embodn^ent. applications, if more than one, in one volume are encrypted by an identical appik»tion 
encrypting key H«/€ver. the €^ications APa in one volume may be encrypted witii respective AP-eocrypting keys 
Kq, where a kwer case Vfdk)w^AP and K (8 a serial nunt)er assigned to each 1^ 10. Intftiscase.eachof 
the ^-encrypting keys are encrypted with the user public key PKj,. and stor^ 
^ key (KJfiekls 32a in the distributton descriptor 23. 

Modification 11 

tt to been assumed tiiat tiie user of the DVD 3 is liiTvted to the put:haser thereof who h 
45 AP-encrypting key (K^) recorded on the DVD 3. However, the system may be so ananged that predetemtined people, 
e.g.. fam8y members FM^, FMg,.,., FM^ of the purchaser can use the DVD (N is the nur^er of the family membeis). 
One of the ways to realize this is to encrypt the AP-encryptirig key wi^ 

- 1, 2.-..N) to obtain el(PKu.i, K^), e1(PKj^2. ^l -. «1(PKu^. K^) and to record them In the PK^H,-««rypted AP- 
encrypting key el (Pl^. K,^) f iekls 32 of the distributfon descriptor 23 at the time of purchase of tiie DVD. 

60 

Modifk»tion III: K,^ Retrieval Rom Server 

In the above description, the AP^encryfA'ng key Ky has been recorded in a PKu-encrypted fonn on the DVD 3. How- 
ever, the AP-encrypting key K^rnay be managed by the server 8 and transmitted to tiiecG^ 
ss response to a rec^ issued from the DVD player 2 each tnne of ise of the DVD 3. In tf^ case, there is no need of 
providing the distrtoution descriptor 23 with ttw PKy-encrypted AP-encrypting key fieW 32. Instead each of the servers 
has to store an AP-encrypting key table (or K,, taWe) and a PKu table (shown in Fl^^ 

shown in FIG. 20A, the table a volume ID (VIDv)fieW (as the entry of record) and an AP-encryptir^k^ (Kv)fieW in 
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each record. ^ FiO, 20B, eac^ record of the PK^ table comprises a vokm 10 (VIDy) fi^ (as the entry of record), a 
volume is&ue ni^Dber (NOv.|) field and a PK^ field (Successfve same values in the first field are shown t^y showing only 
the fast appearing one). Furth^. the process (a step) 61 0 of obtaining the AP-encrypting key K,(» tat Is, a group of the 
steps 602, 604 and 606 in the application play KDUtine 600, has to be replaced wrth a process of FIG. 20C. 

s FK3.20C is a flow chart of a process in w^'ch the cHemDVO player 2 obtains th^ 

the server 6. in step 61 6, the server 8 retrieves a key from the ^e by using VtCV In the next step 61 8. the key 
Ky is encrypted with an a/txtrary number used only k\ the curent process, e.g.. a pseudo random nuiiber R to oblak) 
e2(R.Kv). In the next step 620, the server 8 retrieves a key PK„ from the PK^t^ by reacing the Pl^ field o^ 
whkii contains VIDy and NOvi in the VI Dy and NO^^ fieldSw respecMy. In the nod step 622. R e2(R, is encrypted 

10 with the retrieved key PKu to obtain a double encrypted AP-^^ 

e1{PK«,R + e2{R.M. 
wf^ch is returned to the cOert wHh a dient network address CADD<. in the step 624. 

On the other hand, the controller 100 of the dient 2 waits for a response from the server 8 of SID3 in step 626. ff 
there is any response from the server 8 of SID^ in step 626, then the dient DVD 3 receives the data el (PK^. R + e2(R, 
IS Kv))trom the server 8 in step 628. In the next step 630. the received data is decrypts 
from the IC caid 5. Spedficaf ly. the Mowing calculatkm is dona 

d1(SKu, ei {PKo, R + e2(R. K,))) -=«> R e2(R. K^) 
In the next step 632. e2( R, K^] is decrypted with the obtained pseudo random number R. SpedTically. the foBowing cal- 
culatk>nisdone. 
20 d2(R. e2(R, K^)) ^> 

Thereafter, the controfier 100 proceeds to the step 608 of FIG. 14. 

In tNs modif icatkxi, the applicatkyie APa in one vdume may be encrypted with respecfivB AP-encrypliiig keys K^. 
In ttvs case, the Kytcrible has to be replaced with K^t^e in whid) each record ID(AIOJfteW 
and an AP-encrypting key (Kq) field. Further ki step 61 2. the oontrotter 1 00 of the DVD player 2 has to also send the 
2S application 10 of the caseation to be played to the server. 

Also ri this modKicatkxi. the system may be. a^'n. so arranged that predetermined people, e.g., fan^ members 

FM^, FM2 FM|^ of the purchaser can use the DVD (N is the number of the fanr% members). In tNs case, for each 

member FMn (n« 1,2 N0.theserver8h8Stousethement>ei'sownpub6ckeyPK^tnencrypttfigthe AP-enc^ 

irQ key Ky. One way to realize tNs is to issue a volume issue fujmber NOy^ 
so of the DVD, prmide the non-volatite memory (not shown) of the DVD pfaiyer 2 with a table for a s so dat ii Tg the user's 
password PWn with the volume Issue number HO^, send the >^ume issue nurrber (!N0^4^i a ssociated with the 
user's password in step 612. and use not the PK^t^ebutaPKu^ table in whkii each d tie raoonis has the fo&iwin^ 
fieMs: 

VID,. r^^i.„. PKu-n. 

3S Anoth^ way is to issue and record not only a vdume «8ue nurter hKVi but also family member nuites FMNn for 

all members at the time of sales of the DVD. provide the non-volatile rnemory (not shown) ol the DVD player 2 with a 

table tor associating the user's password PWn with the con-esponding M 

issue nunt)er (hK)v J and the farniV rnerito^ number FM^h assodated with 

another PKu^ table in which each of the records has the tolk)wing fields: 
40 VID^ NOvH, FMfsfci. PKo-rv 

In the process of FIG. 20C,thesen/er8nriaybeauthentk»tedbyrnean8ofapub6c4Qeycrypto5ystemusinga^^^ 

of server seaet and pubfic keys (SK,, PKJ. In this case, tie server 8 si^ the doUsle-encryptedAP-encryplingke^ 
6l(PK„.R + e2(R.KJ) 

with a agnhg key or the sen^ secret key SK, after step 622. While the die^ 
45 the sen/er 8 with a test key or tfie server pubfic key PK^ contained in the Pl^ fieti 31 of the distrftiutai desatptor 23 

recorded in the burst cutting area of the DVD 2 before step 630. 

However, even rf just desaibed authentication of the server 8 is omitted, an attacker wi§ never go to any greater 

length than a steal of TOU code plus imit value, a vdume ID VlDy, a volume issue nurter NOy.{. and the di^ network 

address C ADOe. This is not a serkxfi problem. 
so in the process of FIGl 20c. a pseucto random nmtoerR has been used as a pseudo vari£^ 

value each time of exeoutk>n of the proces& Howaw. as the pseudo variable, any M 

mth it takes a cfifferent vakie each time of execution of the process. 

Modif icatkm tV 

55 

In the f Irsi fllustralive mnbodimem. the decryption of s^splkatton is achieved by software. For this purpose, the con> 
trover 100 has to read the user secret key SKu from tie IC card 5 through the bus 102. wNc^ possibility of 

permitting a breaker to easfly steal the user seaet key SK^ through the bus 1 02. In order to prevent this* the process 
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achieved by the steps 604 through 608 may be redized by haf^^ 21, which is a block diagram of 

an exemplary dectpherer-ixiilt-in IC card IF. In FKjL 21, the deciph«rer-bul!tHn IC card IF 120a conprtses an IC card 
receptacle 121 and a printed wirins board 1 22 extencfing from and fixed with the receptade 121 . An IC 123 is mounted 
on the printed wiring board 1 22. The IC 1 23 comprises a menwy IF 1 25 which usually connects the memory of the IC 
card 5 with the bus 102 and. in response to an instructkjn from the contrdlerlOO, reads and passes the key ^ to the 
next stage: a decoder 126 for receMng the key Sky and encrypting e1{PKu,Ky)w!ththekeySKutoyi^Ky;ai«lan 
AP decoder 127 lor receiving the key and encrypting e(K^ AP) to yiekJ appficatran data (AP). The printed wiring 
board 122 portk)n may be preferably mowed together with the iC card recept^ 
a single body. By dotng this, leakhg of the user sewet key SK,^ can be prevwted. 

This modrication can be also appfied to a system 1 using the ayptosystem of Fia 20a In tte case, the 
decoder 126 of FIG. 21 has to be replaced with a decoder 126a as shown in Fia 22. In Fia 22. the Kv decoder 
1 26a decrypte the input data el (PKu, R 4 e2(R. K^)), from the bus 1 02 by uskig the user secr^ key SKu passed by the 
memory IF 125 to obtain R ^ e2(R, Ky), wNte decrypting the obtained data 62(a Ky)) with the obtained random nunte 
R and outputting the key 1^ 

Enrtbodiment II 

FIG. 24 is a bkx* diagram showing an arrangemem of a system cap^ of playing 
age. e.g.. a CVD on the terms c( use of the DVD without oommunicatirig wtth any aen^ aooonting to a second illustra- 
tive embodknent of the Inventkx). in Fia 24. the system la is klenticsri to the dient 2 of FIG. 1 except that the 
communicatkin IF 150 has been etiminated because of no need of comnuink^^ 

has been replaced with a controller 100a. In the controfler lOOa. a not-shown ROM for storing a control proyam as 
described later mi the EEPROM 1 03 have been also replaced with a new ROM (not shown) and an EEPFtOM 1 03a. 
In ortter to play a role of the server 8. the system 1 a has to have table 60 of FK3. 6A in a^ 
the EEPROM 1 03a aid an application duration (play time) for each appiks^ 
be included In tfie control data of each appScatkm packaga 

FIG. 25 8chematk»ny shows an exemplary a)ntrol program executed by 
oonM program of Fia 25 is also kfentx:al to thaft of Fia 5 except that the ded^ 
efirnrnated becttise the limft-attached play nxxJe Is not SMPported by the eyst^ 
650 and 800 are replaced with steps 650a and eooa. Accordingly, operas 
lowing. 

If the lower (igitd the temis^Hise(7T0U) code is 0 in the decision step 514^ 100a 
plays, hflie free mode, the appficatfon stored in the selected appl^^ 
It should be noted that since the system la does not have the chaityed play mode, t^ 
defined as folfows. 



Higher digit of tenns-of- 
use code (Hexadecimal) 


Corresponding imrt value 


Playmode 11 


0 


None 


Free play nrKXto 


2 


Effective date and &ne 


Limft*attached pfay mode 


3 


Alk9wabie expiratkMi date and time 




4 


Maximum amount of used perfod 




5 


Alk}«wabie access count 











Accordingly, if the lower digit of the TOU code is not 0 in thededskxi step 514. then en step 800a the controfler 100a 
plays, in the fimit-attached play mode, the applkation stored in the selected appfcalkMi in step 506 or 512 and ends the 
operatxxi. 

Fl(3s. 26 and 27 show an operatton of a free play mode shown in step 650a of FIG, 25 in 
ther detailed form, respectively. In FIG. 26. the controller 100a executes ai inrtiai routine 80a in step 660a. in step 670a 
executes an expected play time intomiing routine, and in step 680a executes an application play and metered play time 
report routine. 
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As shown in F(Q. 27, in the ^vttal routine 80c. the controfier 1 00a searches the tat]le 60 for a record which ocvrtains 
ViDy and NOy^ in the vohime ID and issue No. fiebs thereof, respectively ki step 86. If the search is unsuccessM. then 
the oontrofier 100a adds the record tor VI Dy and NOv.i ^ ^'^^ relevant fields with MD^ and a limit vakie. if any; in the 
table 60 in step 88. and proceeds to step 90. Also, ff the search In step 86 is suocessfu 
5 90, where the controller 100a selectB a routine to e»Bctite next aocordv^ 

selected routina !n this case, if the TOU code > xOH (x: an arbitfary HEX nurrb&r, the letfer H In the last position incfi- 
Gates that the preceding nunt)er is in hexadecimal), then a routine tor playing an ^icatxxi tree of charge is selected, 
if the TOU code 2 xlH. then a routine is selected whichpiaysanapplicatkyionty if the software nneter of a use-linit^ 
factor is under a preset valua 

10 The e)9)ectedpriyt!nr)einfonrrdng routine 670a is idetticai to ^ 10} mmsoorranurBcation steps 

93 and 94, coning the above described steps 91 . 92 and 95. SimBarty. tt is seen from FIQs. 1 1 and 13A that the 
atxve de8a%)ed steps 620. 622. 624. 210 and 218 are executed in this order in the timed pby and metered usage 
report routbe 680a. ki this way. the system 1 a permrts the user to play the appScatton stored in the selected ^k^tion 
(steps 506 and 512 of FIG. 25) free of charge. 

IS FIG. 28 is a fkwtf chart showing an operation of a limit-attached play mode shown in step 800a of FIG. 25. Since 
this operation is very similar to that of FIG. 19. only the flow is briefly described, omrtting the details of each stap. In FIG. 
28. contrdlerlOOa first makes a checl( if a meter associated with the TOU code has reached the Mt 
with the TOU code. If so. then the sender returns an overHmit massage to oontroHer 100a in step 820. Othenmse. the 
controHer I00a proceeds to the ejqaected play time infomiing routine 828a 6^^ 

20 the above described steps 91. 92 and 95. and then cans the applk:atoipteysubro^ 

plettng the operation. StfK:e the appfication play subroutine 600 has been detafled above, further descripti^ 

In this way. the system la pernfvts the user to play the ^)prication stored in the selected app^^ 

of FIG. 25) only if the limit value associated %wth the TOU code assigned to the volume or the user-specified application 

has nc^ been reached. 

25 According to the second embocfiment the system la cm operate in either of the free play nrade and the limit- 
attached play mode without the need of cornrnunication witf) a server. ^ 

Modifications 

so In the above descrption. the illustrative entxxfiment has been descrtoed in oorijunction with the DVD. The same 

<fi5cussion can be applied to such pacta^e media as permit write once a more. 

Fitfther. the presertf invention is also appfcable to appfeatkxipacKag^ IntNs 

case, the distnbuted appOcation pacteges are stored in a buB^ storage ei the user's devtoe. An ^3pitcation package 

comprises one or more appffcation and application control data, that is. an application descriptor and distribution 
55 desoptor. One volume is stored as a file. Since a ptorality of appficatton package m^ be stored in a singie storage. 

each application package (toes not have to contain a control pcograni One coning 

vto eithw package or transn^ssron rnecfia, is enmjgih tor one user dev^ 

packages ere stored is set for a user specified one in the control program when the control program is installed. The 
data to be recorded in the di^rtoutiondescrqstor is indudedntt^^ application p^tege by the provider aocorcfing to the 
40 information given by the user. 

As descrtoed above, one who is perrnrtted to use an application package is nm^ 
stores a i«er seaet key SKu corresponding to the user piirfic key PK„ used tor »K3^^ 
in the application package. For Unas, even if someone has unjustly obtatoed an ^sptoation package, for eocanple. by cop- 
ying the whole voltmie from the [M) on whtoh the volume is recorded, he or sh^ 
45 the owner d the OVD. Thus the inventive system can prevent unjust use of an appii^ 
by any olher person than tt>e regular Mmer of the application pacfoga 

Also, the ffiventive system is so ananged that most part of the c^k:ationpac^ in man- 

ufacturing process of tfie DVDs, whereas at least a part of the vdume control data (t.e,, the distrixition descriptor) can 
be dmennined at the time of. e.g. . distri)ution of ett:h o« the DVDs after the rn^ 
so tem flexible because control data can be easily changed without changing the stamper. 

In the initial routines 80a and 80b in FIG. 8A and 8B. the data transmitted with the senrice request may be 
encrypted in the sanie manner as in case of the transmeskx) of user's aecfit card nunnto 17. However, 

in case of the initial routines, there are a plurality ol data. These data may t)e encry^^ 

tfthe data to be encrypted are D1. D2.... then they are first encrypted with a k^R as foltows: 
55 e2(R. D1). e2(a D2).... 

Thenfunt)er encryption is made with a server public key Pl^asfblkws: 
e1(PKe. R * e2(a D1) * e2(a D2).....). 
In the process of Fia 1 7, the user may be authenticated by means of a public-key cryftoystem using a pair of 
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user secret and pil3lic keys (SK^. PKJ. In this case, the diM 2 signs the double-encrypted aeditcard nuni)er 

e1(PK^R + e2{aCCN0u)) 
wHh a signing key or the user seaet SKu after step 648. VVhite the se^ 
test key or the user pub<^ key PKu t>efore step 650. 

Instead of stormg a STKille server put3<ic key in the dt^^ 
the server public keys may t}erecovded. By doing this, it ts possible, for exanple. to setting a different charge de^ 
on the server public key which the user have selected by appropriately oon^^ 

Also. appficatk)npackages with an identkal votutne ID can have different server public ksys recorded. A piLvafityof 
toil center may be advantageously provided fa appfication packages of the s^ne titia 

In order to prevent any use of IC card by other person than the owner of the IC card, it Is pos^ to add. t>efbre 
the Sku reacting step 604, the steps of prompting the user to emer a passMiord through a hunwi IF 110 and pra»^^ 
to step 604 only if the entered password coincides wHh the user password PWu stored 

Though tf)e iC card 5 is used in the ^e embodiment, the IC cardlF 120 mc^r be replaced with a magnetk; card 
reader to penriittiro the use ol the magnetic card. Alternative^^ 
or her password each time the user uses the DVD. 

Insteffij of storing the user seart key SK^ in the IC card 5. the key Sku may be stored in non-votefile memory in a 
PWu-encrypted fomi h this case, the ksy SK^ is ot>tained by decrypting PW»,-encrypted SKu with a password entered 
k)y the user. 

The discussion of tfiree preceding par^)iaph6 are applied to the IC card use^ 
the server. Howerver. in this case the user has to be taken as the adnwntd 

Many widely different embodinnerits of the present hvention ^ 
and scope of the present inventton. It shouk) be understood that the present kiventton is not nmrted to the specTic 
entndffnem descrtoed in ^ spedficatk)n. except as defined 

A system tor permrtting only an authentic user to ptay a desired appfication contained in a distrtouted applicatton 
package in one of predetermined opeiatk>n. e.g., free ptay mode, charged mode^ Dnit-attached pl^ mode, etc. The 
system comprises a client tor piay«ig an applk»tk)n under the control of a server connected with the cSent through a 
conin uni calton network. The applfcatfon package (the volume) includes a dfetributton descriptor which conta^ mode 
codes assigned to the volume and the applications of the volume. The data of dstributton descri(^ is decided and 
stored in the descriptor at the time of d stnbufon of the vokime. This feature makes the system f lexiile. There s also 
disctosed a system operatalale without conmjnxating with a senw. 

Ctabns 

1. An appficatkm package for use in a system tor playing an application conte^ 
im)* the appltcatton package conprising: 

^ication data for at least one appTicatton; and 

vdurne control d^ for use in controlltfig said system, wherein said volun^ 

a vokime ID for idertfifying the kind of saki appfication packs^ (said volume): 

an issue number assigned In order of issue to each of the volunes of sakl Mnd; an^ 

appCfoation IDs each assigned to one of s^m least one applkattoncontakied In saklv^ 

at least a part of said vokime control data is to be added to said volixm after the oreatk^ 

saM at least a part of said ^roiume control data tndudes sad issue nijT^ 

2. An application package as defined ri daim 1 , wherein: 

sakt applk»tk)n data has been encrypted with an encrypting k^^ 

said at least a part of said volunie contrd data indudee a usei^ public fcey-eno 

key used. 

3. An appfk»tion package as defied in daiml.vi^etn said at least a part 

codes whfoh are assigned to said volume or sakj at least one app6catk)n and each ind^ 
with one of said volume or said at least one appOcatton to which the nv^ 

4. A package media on which an applk:atk3n psckage as defirad in daim 1 has been recorded. 

5. ApackagemediaofawriteK)ncetypeonwhk:han^icatx)npacl«H}easdefi^ r»st)e^ recorded. 
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6. A package media on which an appfication package as defined in claim 1 has been reooided wherein eaid at least 
a part of said volume control data is recorded in an area different from dala area where said appfication data is 
recorded on the package mecKa. 

7. A nriethod lor sending data with a raised security fr^ 
munication network, comprising the steps of: 

Ri said second device. 

generating a pseudo random number: 

transniminQ saki pseudo random nunrter to saki first deince; 

in sakififst device, 

enoryptmg saM data with said transmitted psajdo random m^i^ 

encrypting concatenated data consistv^ of said pseudo random nur^ 

pul3lic key of said second device hUo doUUe-encrypteddata: 

serdffig sakl doUsle-encrypted date to said second devk»; in 

decrypting said douUe-encrypted data with a seaet toy of said second de^ wh^ 

pubflc key into decrypted data consisting of a decrypted random number portk)n and another decrypted 

portion: and 

decrypting said another decrypted portk)n with scdd transmilt^ 

8. A nftethod f6r sending a pkjrality of pieces of data with a reused securt^ 
through a pubSc t^ecomnurecafon network, comprising the steps of: 

in saki second device. 

generating a pseudo landom number; 

transmltlSng said pseudo random nurT4)er to said first device: 

in saki first devk:e. 

encrypting each of said pieces of data with said transmitted pseudo random number into an encrypted 
piece of data: 

encrypting concatenated data consisting of saki pseudo random nunter and said encrypted pieces of 

data wHh a public key of said second de/ice into double-encrypted data; 

sendng sakf dotisle-encrypted data to sakj second device; in saki second dev^ 

decrypt»>g sakJ double-encrypted data with a secret key of saki second d€Mce 

public key hto decrypted data consistin g of a decrypted random nunrt)er portion and pturality of 

decrypted data portk)ns; and 

decrypting each of saki decrypted portions wi9i said transnvlted ra^^ 
data. 

9. A method as defmed in dam 7 or 8, further comprising the steps, ewcuted after sa^ 
ble-enaypted data, of: 

proceeding to a next step only if sakj decrypted raridom rHjni>er portksn coinckies w^ 
random VAxrber: and 

sakJ second devk:e irifomiing sakj first dence of a Isdure 01 deayptkjn 
tion does not coinckle with saki transmitted pseudo random nmber. 

10. In a system provkled wHh means for playkig an applkatfon contained in an appficatfon package, a mettiod tor per- 
milting a user to play an encrypting key'-^icryptedapplk»tk>n cc^ned in a distributed cqpplicatton p^:kage which 
further contains, as volume control data, a user's pubSc key-encrypted encrypting key so encrypted as to l)e aUe 
to be decrypted with a secret key of the user into saki encrypting toy. the rnet^ 

read»g said user's pU>lk: key-encrypted encrypting key from sakj distributed flispficalion package (saki >ol- 
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ume); 

obtainrng said secret key; 

decryptir^ said user's pddic key^encrypted enaypting key with said secret key to obtain said encrypting key; 
and 

decrypting said encrypting key-encrypted applicatkxi with said obtained encrypting key into applkafion data 
whtte passing saki applk^tion data to sati means for pla)mfig 

11. lna6ystemconpri8{ngad^er1tpfo^^edwnthmeanstxptayi^ 

aiKf a server connected with the dient through a oommunication network, a method for pemvtting a user to play 
one of encrypting key-encrypted app(k:atk)ns contained in a distr^^ 

as volume control data, a ^ume ID for identifying the kind of said cSstrixJted appfication pack^e (said voliffne). 
an issue number rssued to each volume of the kind In an Issued ofder and appikatm IDs. the method conpr^ 
the steps Off: 

saki cfient reading said volume ID. said issue number and an appficatkjn ID for sak^ one of encrypting key- 
^Krypted applk:8tk>n6 (said encrypting key-encrypted applk^tion) from ssad volume and senc&ig to saki 
server; 

in said server. 

retrieving sakI encryptng key by using saki vokime ID; 

retrieving a pub&c key of sakj user by using saki volume ID and sakf issue rumber; 

generating a pseudo random number; 

double-efKrypting sakJ encrypting key with sak] pseudo random number and sakI public key into a 
double encrypted data; 

s^ing sakJ double-encrypted data to said dient; ki said dient 
obtaining a secret key of saU user vvhich coiresponds to sakJ public key; 
ot3taining sakj encrypting key by decrypting said doubie-en^ 

decrypting sakl encrypting ley-encrypted applk:atx)n with saki obtarod encrypting key Into appik;a- 
tkm data whfle passing said applk:ation data to sakJ fneans for 

12. A method as d^ined in daim 10 or ll.whereai saki means kx obtaining a seor^ 
said secret tey from a port^e memory (tf saki user. 

13. A method as defined ffidaim 12. wherein saki portable memory Is an 1^ 

14. In a system comprising a client provWed with means for playing an applkatfon package and a sen/er connected 
with the dient throughaconHnunk»tk)n network for con^ 

t£dning. as vokm^e control data, a vdiMne ID and an issue number issued to each of the volumes of saki volume ID 
in an Issued order, a method for controlling the amoum of play tiine Go^ 

saki dient sending saki volume ID and saki issue number to saki server; 
saki server retried an expected pl^ tinw associated with saki volume 1^ 

saki server ackJing saki eaqdected play time to the vakm of a total play time «s^ ID and 

saki issue number. 

15. In a system conpriskig a dient provided with n^eans for playing an appfi 

and a server connected with the dient through a coitimuntealk>n network for oontroing the dient the ^catfon 
package (the volume} contalnkig. as volume oontrd data, a volume ID. an issue nimiber issued to each of the vol- 
umes of saki volime ID in an Issued order and an applk:ation ID tor the appficatton. a method tor controlling the 
amount of play time cofiprising the steps of : 

saki dient sencSng sad volLtfne ID, said issue number and saki applicatkNi ID to saki server; 
sakd s^ver retrievii^ an e)q)ected pl^ time associated with saki volume ID. saki Issue number and saki appli- 
cation ID; and 

said server ajcfing saki e)q;>eded play time to the value of a tola^ ID and 

saki issue number. 
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16. In a system compristng a ciient provided with means for piayhg an application contaffied in an application package 
and a server oomeded with the cfient throjj^i a communicalion netvwrti far oontrottng the cfient, the applkaitoi 
pacta^e (the vDltme) containing, as volume oontiol data, a 

volumes of said volume ID In an issued order, a method far oortrolBng the amoum of ptay time compri ^ 
of: 

said cfient and said server interactively measuring, as a measured play time, a play time of said application: 
and 

said server adding said measured play tnie to the value of atdal plcy time associated with said volume ID end 
said issue number. 

17. Amethodasdefinedinclaim 16, wherein saidetepoffneasuringaplfytimeoonv^^ 
said server. 

1& A method asdefinedinclaim 16, wherem said stepofnmsuringapl^timeoo^ 
said client 

19. In a system conprising a cient for playing an appfication package and a server connected with the dient tt«x>ugh 
a comnumatfan netvMxk wherein the application package (the vokmie) comprises appficatfan data and control 
data and at least a part of the control data has been added to the vokime after the crealfan of said vofame, a 
method far sending desired data from one side of said diem and said server fa tte 

ing the steps of: 

Including a seaet key of said olher side in said at lest a part of said control d^ 

in said other sfae. 

generating a pseudo random ni»i1>er: 

transnvtting said pseudo random nurrber to said one skfe; 

insaidoneskie, 

encrypting said desired data with said transmitted pseudo rsidom niOTber etto encrypted data; 
encrypting concatenated data a>nsisttng d said pseudo random number &id ^ 
saM pubTic key of said other skle into double-encrypted data: 
sending said double-encrypted data to said other side; 

in said other skle. 

decrypting said double-encrypted data with a secret key d said other side wtik:h corresponds to said 
pubfc key into decrypted data consisting of a decrypted random nunrfaer portion and andher 
decrypted portfan; and 

decrypting sakj another decrypted portion with safa tans^ 
data. 

20. A method as deTined In daim 19. wherein sakl generating a pseudo random number indudes storing said pseudo 
random number in memory, and wherein ttie method furtiier comprises the step, executed prfar to saki decrypting 
said another decrypted portion, of: 

in response to a cleterrnnation that sakI decrypted random number portion does nd coined 
random mimber stored in sati rneans far storing sakJ pseudo random nunt>6r stored 
sakj one side of a failure n decryption kistead of passkig the a)ntid to nesd 

21. tn a system conrprsing a diem provkled with mears far playing an applk^ 

and a server conneded with the diem ttiroug^ a communication networK a meM 

apptoition contained in a distrfauted application package whfah furtiier oontainsi as vdume control data, a volume 
ID tor klentifying ttie W nd of sakl distrfauted applicatfan package (said vdimie) , an Issue number issued to each vol* 
ume of the kind in an issued order, and an appfication ID for said ^k^tioatiie method comprising the steps of: 
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proceecBng to a next step only if the value of a meter field as80CfatBd wHh said volume n). said issue nutttet 
and said cqaplication ID ts under the value of a Knfiit value field associated with said volume ID, said issue 
number and said application D in a volume data table; and 
displaying a message forming an overlimH on a dsplay device 

22. In a systoTicoopnsing a diem provided with means fvpiayi^ 

and a server connected with the client through a oommunication netiwrK a method tor permittin g a user to play an 
application contained in a distrtxited application package which further contains, as vdume cortrol data, a volume 
ID tor identifying the kind of said distributed application package (said volume), an issue number issued to each vol- 
ume of the Mnd in an issued order, an 43plication ID for said application and a limH valued 
application, the method conpfising the steps of: 

proceeding to a next step oify ff the vaiueof a meter field associated with said volume ID. said issue nunt>er 
and said application ID in a volume data table is under lintit value: an^ 
(fisplaying a message informing an overtinvt on a display device of 

23. A method asdefinedindaim 21. wherein said limit value is oneofeffoctive^^ 
and tirne. a ma)dnfiuii amount of pl^ tinne. and an allowsdble access 00^ 

24. A method as d^ned to any of claims 11. 15 and 16, wfwrein said step of said cGent sending to said server com- 
prises the steps of: 

said cfiem encrypting at least one of said votornelD« said issue nuRtoera^ ID into encrypted 

data: and 

said senw decrypting said encrypted data. 

25. A system for sending data with a raised seorityfnom a M device to a second 
nicatton network, oonpristng: 

means provided m said second device for generating a pseudo random number; 

nieans provided in said second devfoe for transniftti^ 

means provided in said f list device for encr^ng said data wi^ 

an er»crypted data; 

means provided in said first device for encrypting ovicalenate^ 
and said encrypted data with a pubto i(ey of saki seoond device into dO(^ 
means provkted in safclfffst device for sending sakfdoub to e ncrypted data to sa^ 
means provktod in said second device for decrypting said double-enoryp^ 
ond devk:e which corresponds to saW pijtolk: k^ into decrypted data 0^ 
portkx) and another decrypted portion; and 

means provkied in sakJ second device for deaypting said decr^ 
dom nuni)er to obtain sakj data. 

26. A system for sending a pluraKty of pieces of data with a raised secitfity irom a first devfoe to a second device 
through a pubTic telecommunkatton netwotK oon^sing: 

nr^eans provkted in said second donee for generating a pseudo random numtDer; 
nteans provided in sakf second device for transmitting said pseudo 
mearis provkied in said first device for encrypting each d sud pieces of d^ 
' dom number into an encrypted piece of data; 
means provided in sakf first device fbr encrypting concatenated data cons t 
and saki encrypted pieces of data with a pU)(ic key of said second (tov^ 
means provkiedrisakf first devk» for sending said double-encrypted data to sakf second devk:e; 
means provided m sakf second devfoe for decrypting said doUsle-encryp^ 
ond devfoe wf^ corresponds to sakf public ki^ into decrypted data consstin^ 
portfon and saki plurality of decrypted data pofltons: and 
nrieans provtoed in safo second device for deaypting each of saki decry^ 
dom mintber to otnain said (»eces of data. 
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27. A eystem as defned in daim 25 or 26. futher oonprising: 

means, provkted m said seocmd devicQ, activated prior to decrypting each of said decrypted portions and 
responsive to a determsiation that said decrypted random nunt>6^ 

mitted pseudo random number, for infonntng said frst dei^ of a fafiure in decryption instead of passing ttie 
control to next means. 

28. A system for pU^ng an «icrypttr^ Key-encrypted applicatiOT contained in a 

fiflHier contains, as volume control data, a user's pubfic key-encrypted encrypting key so encrypted as to be able 
to be decrypted vwth a secret key of the user into said encrypting kg^^ 

means for reading said user's public key-enaypled encrypting key from said dstributed i|3plicatk)n package 
(said volume); 

means for obtaining said secret key; 

means for decrypting said user's public key-encrypted encrypting key with sM seaet key to obtain said 
encrypting key: 

means for decrypting saSd encrypting key-encrypted i«)pGcatk)n with sakf obtained encrypting key to provide 
application data; and 

means for using said appScation data for picking. 

29. A system for permrtthg a user to play an encrypting key-ericryptedapplica^ 
package which further contakis. as volume control data, a volunie D for i^ 
calkm pactaige (scud volume), an issue nuni)er issued to ee^ vokjme d t^ 
tk>n IDs. the system comprising: 

a cfient for playing an appScation vsmg application date; and 

a server for oontroliffig said dient through a oonvnunicalion network, wherein sakS dient comprises: 
means for reading and serving said vokin^e ID, said issue number and an application ID for said one di 
encrypting key-encrypted applicatksns (said e nc rypti n g key-encrypted i^icaiion) from said volume to said 
sen/er. said server oonprises: 

means for retnevkig said encrypting key by using said volume ID; 

means for retrievsig a pti^fic ioey of said user by using saki volume ID and said issue rHjnt)er; 

means for generating a pseudo random number; 

means for double-encryyMhg said encrypting key vMth said pseudo random nu^ 
a double encrypted data; and 

means for sending said doUsle-encrypled data to said dient and said cSem ox^^ 

means for obtainEng a secret key of saki iser which conresponds to said pu^ 

means for obtaining said ericrypting key by decrypting said douUe-encrypted data w^ 

means tor decryptkig saki erK^rypting losy-encrypted ^sptication with said obtamed encrypting key to pn>- 

vide applkalion data; and 

means for using sakl appficatkyi data for pti^ng. 

30. A system as defined in daim 26 or 29. wherein sakj means for obtaining a secret ksy conprises means for reading 
said secret key from a portable memory of saki user. 

31. A system as defined in daim 30» wherein said portsMe memory is ante card. 

32. A system for permitting a user to play a drstitxJtedapplicatksnpadcBgewhi^ ' 
data, a volume ID for kf entif^ng the kM of sakf <fistrixfted applicatkm padoge (saU volume) and an issue rwnber 
issued to each vokime of the kind in an issued oider. the system oomprisfng: 

a dient for playing said dstrtxrted application package; and 

a server for controlling sakf dient through a conrnjnkstkxi n^worK whereai: 

saU client comprises means for sending said vciiMm ID and said issue nuvrber to sakJ server; and 

sakj server comprises means for retrieving an expected play time associated wHh sakj vokime ID and said 

issue number, and means for adding said e}q>eded play time to the value of a total ^ 

sakj volume ID and saki issue number. 
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33. A system peimttdng a user to ptay an apptication contained in a distributed application package which further 
contains, as votume control data, a vokm ID for identifying the kind of said distributed app fc ation pactaige (said 
volume), an issue nuniier issued to each volume of ttie kind in an issued onier and an applicalion Dior the appfi- 
cation, the system comprising: 

6 

a dient lor playing said application; and 

a sender for controlling said c6em through a communication netv^ 

said dient comprises means for sending said volume ID. said issue nunte and said appKcatksn D to said 
server: and 

TO said server comprises means for retrieying an expected play tktie associated with said volume ID. said issue 

nurrter and said applicafon ID. arvi means for adding saMoqpected play tiine to the value of a total pisytirne 
associated with said volume ID and said issue nunfoer. 

34. A system for pemiHting a user to play an appHcafoi contained in a distrituteda^ 
76 contains, as volume contrd data, a volume ID for klentifying the Mnd of 

vDlun^). an issue number issued to each volume of the kind in an issued 0^ 
cation, the system comprising: 

a client for playing said applicatfon: and 
so a sen^ for a)ntrdlin9 said diem through a connnunk^dionneti^^ 

said dient and said server comprise mem for interactively measuing, as a measired play Ivne, a play time 
of said ^ication; and 

said sen/er fifliher conpnsds means for adding sakJ rneasued play ti^ 
ctated with said vdinne ID and said issue number. 

25 

35. A system as defned tn daim 34. wherein sakl means for interactively measuring a play time oonprises means for 
using a timer of sakl server. 

36. A system as defied in daim 34. vi^erein said means for imeracthfelyrneasuring a p^ 
50 using a timer of sakj dient 

37« A system fa permitting a user to play an applk»tk)npactege (the vofome)a)^^ 

data wherein at least a part of the control data has been added to the volume after the creati^ 
system corvprising: 

3S 

a cfient for playing said volume; and 

a serv^lor oontroll^ said cMent through a communicatfon netvuorK where^ said server conprises means for 
storing a seaet key of said server and said at least a part of said control data includes a public key correspond* 
ing to said seaet key. and wherein the sy^em comprises: 
40 nneans provided in said server for generating a pseudo random nurTt>er; 

means for storing said pseudo random number; 
rnearis provided in said sorver fa transmitting said pseucfo random n^ 

means provided in said dient for encrypting desired data with said ttansmftted pseudo random number into 
encrypted data; 

45 means provided in said dent for mTypting oorKatenated data consisting of said pseudo rarcfom number and 

said encrypted data with said pUjfa'c key into doUUe-encrypted data: 
nieans provkfod n said dient for sending sato doubte^encrypted data t^ 

meam provided in sakf server for deaypting said doUbie-encrypted data with saU seaet into decrypted 
data consisting of adeaypted ranctom numba portfon and anotha decrypted portton; and 
BO means provided in sakt server for decrypting sakf another decrypted portfon wHh saxi transmitted random 

number to obtain said desired data. 

38. A system as defined in daim 37. further comprising: 

55 means, provided in saki server, activated pria to said decrypting sakf another decrypted portion and respov 

sive to a deterniination that said decrypted raiKtom numt)a potton does not cd^^ 
rojmber stored in saU means fa storing said pseudo random number, for infot mai g said cfient of a laKure in 
decryptfon instead of passing tfie control to next means. 
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39. A system tor p&nitting a user to play an application contamed in a distr^od application package wNch further 
contains, as vi^ume controi data, a volune ID lor identifying the land said distrfauted applicatiOT pactage (said 
volume), an issue number issued to each volune of the kind in an issued order and application IDs. the system 
compriskig: 

5 

a diem for playing an application by using appTication data; and 

a sen^ for controinng said dient through a oomnuinication neiwoiK wherein said dient comprises: 

means for reacfing and sendng saxJ volume ID« said issue vmbet and an applicatkm iO for said one of 

encrypting key-encrypted applications (said encrypting key-encrypted application) from said volume to said 

TO server^ said server oonprises: 

nieans for proceeding to nad step only rf the value of a meter fieU associated wi^ 

nuntber and said application ID is tffvter the value of a limit value f ieU assodated with said volume ID. saki 

issue nunto and said ap^kaitx}n ID in a volume data table; and 

means for causing sakl dient to display a message infonrring an overfimh 

16 qurt the operation othenvise. 

40. A system for pennitthg a user to play an applicalion contamed in a dsbibuted ^spBcation pactege wtiich further 
contains, as vdume control data, a volume ID for ktentifying the kind d sakl distrtbuted s^Dplicatky) package (sakJ 
volume), an issue number issued to each vdume of the kind in an issued onder. application IDs and limft values 

20 associated with respective app5catk)n IDs for limiting the play of respective applicalfons, the system oontprising: 

a diem for playing an appficatfon by usmg appikation data: and 
a server for ointiolling saU diem through a a)mmunk»tion netw^ 

means for reading and sendffK^sakfvotumelD. saki issue nuniber.a^ ID for sakl one of encrypting 

2$ key-ertcrypted qpplk»tfons (saki enorypting key-encrypted applk:ation} and a imit vakie assodated with saiki 

applk»tion ID froms^ vokime to said server, and wherein said server o^iprises: 
means for proceeding to a next step only (f t^le value of a meter fiefo assodated with s£^ 
number and saki appficatfon D tfi a vdume data labte is under sad fnvt valM^ 
means for caudng said cfiem to display a message informing an overlimit 0^ 
30 quit the operation olhawise. 

41. A system as defined in daim 39, whereki said limit vi^ is one of effective date cndtim^ 
and time, a maximum anmit of play tkne, and an alkMvable access count 

35 42, A system as defined in any of clakns 29, 33 and 34. wfierein saki means for sending to said server ooir^ses 
means for encrypting at least one of saki vokime ID, sakf issue number and said applicatfon ID. 

43. A method for pa-mrtting an authenix; user fo play a desired one of the applkatfon^ 

catfon package in a system capskie of playing an applcatfon. wherein saki applicatkm package (sad vokmie) con- 
40 tains vohirneo^d data induding mode codes assigned to sad volume and the ap^^ 
method comprising the steps of: 

decdng to use one of predetenrnined play niKdes specified by one of sa^ 
desired appHcatfon; ofd 
46 playing sad desired appficatfon In sad specified play mode. 

44. A method as d^ined In dakn 43, wfierein the method further comprises the step of aiduding, ri sad mode codes, 
values Mxstive of a free play mode and at least one limit-attached play mode wt^ conrespoad(5) to respective 
fimit valu6(6) used for limiHng usaga 

60 

45. A method as defined in daim 44. wherein sad step of playing sad desired sqppUcatfon comprises the step of: 

ki response to a determination tfiat sad one of sad nvxie codes assodated with sad desired applicatfon 
includes a vafoe Indkative of saki free play mode, simply playing sad desired appficatfon. 

55 

46. A method as defined in daim 44. wherein sad step of playing sad desired appficatfon comprises the step of: 

in response to a determinatfon that sad one of sad mode codes associated with the desired applfoatfon 
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Includes one of values tnctothre of said at least one fimrt-attached play mode, displaying a measage to the 
effect Ifiat a limit value associated with said one of values has been reached instead of playing said desired 
appltcatfon if said fimit value has been reached. 

47. A method as defined in datm 43. wherein said volume control data further includes a volume ID, an issue nurrb&r 
and an appycation 10 for each of said applicationB. and whereki said step of d^^ 

play modes comprises the steps of: 

obtaimig said one of said mode codes associated with said desired app£ca1ion and corresponding limit value 
by using said app&cation ID: and 

conparing said one of said mode codes with a nrieter value associated 
andsaidappHcationia 

48. A method as defined in claim 45, wherein each of said applications has been each encrypted with an erxrypting 
key and said volume control data includes a user's public key-enaypted version of said encrypting key (a pubBc 
key-enaypted version encrypting key), and wherein said step of si^ 

the steps di: 

reading eaid user's public kay-encrypted encrypting l«ey from said volume; 
obtaining a user's secret key which corresponds to saM users pubSc key; 
decrypting saki user's pubGc ksy-enorypted encrypting key w^ 
key: and 

decrypting said deeired appfication with eaki obtained encryp^^ 

49. A system for permrttnig an authentic user to play a desired one of the applications contahed in a <£strixfted appli- 
cation padoge. wherein said application package (said volume) contains volume control data including mode 
codes assigned to said volume and the appik»tions of said vo^me, the system comp 

means for decidff^ to use one o1 rM'edetenriined play nfV)des spectfred t)y m 
with said desired application: and 

means for playirtg said desired application in said speoTied play mode. 

50. A system as deTined in claim 49. wherein the system forlher comprises means for ncfoding. in said mode codes, 
values indicative of a free play mode and at least one fimft-^ttached play mode whkii oorrespond(s) to respective 
fimit value(8) used for limiting usaga 

51. A ^em as defined in claim 50. wherein said means for ple^ said des^ 

means, responsive to a detemiination that said one of saci mode codes associated with said desired applica- 
tion includes a value incficatlve of said free play mode, for simply playing sakj desired applkation. 

52. A system as defined in dalm 50, wherein said nfieans for playing said desired ap^ conprisesi 

means, responsive to a detemination that said one of said mode codes associated with tie desired application 
includes one of values indicative of said at least one limit-attached play mode, for displaying a message to the 
effect that a \Mi value associated with said one of values has been reached Instead of playing said desired 
application if said limit value has been reached. 

53. A system as d^ined in claim 49, wherdn said volume control data fitfther tndudes a volume ID« an issue ni^tfoer 
and an appGcation ID for each of said applications* and whereto sak:! n^ns tor ded^ 

mined play modes comprises: 

means for obtairiing sakl one of said mode codes associated with saki desired ^ 
fimit value by using said applicatfon ID; and 

means for conparing said one of said mode codes with a meter value associated with said volume ID, said 
issue number and said applicalion D. 

54. A system as defined in claim 51 . wherein each of said applicatfons has been encrypted with an encrypting key and 
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said volume control data tnckdes a user*6 public key*encryi^ed v&^kjn of said encrypdng key (a pubfic key- 
encrypted version encrypting key), and wherein said means lor eirrply playing said deseed application comprisee: 

means for reading said user^ pubOc kay-^iorypted encrypting key from said vofajme; 
means for obtaffraig a user's secret key whicti conesponds to sani iter's pubBc key: 
means fv decrypting said user's pUilk; key^-encrypted encrypthg ka^ 
enaypting key; and 

means for decrypting said desired application with said obtamd encrypting key. 

55. A mettiod for pernrvtting an authentic user to piay a desired one of the appl^^ 
cation package in a system conprtsing a dient caps^ of playir^ an app&cati^ 

cfient through a communication networK wherein sad applk»tion package (hereinafter referred to as "^said vol- 
urnel oxitains volume cocitrol data indudhg nrxxto codes assigned to sa^ 
ume. the method comprising the steps of : 

said diem deddng to use one ol predeternwied play modes specified 
with said desired applicatfon; and 

playmg said deseed applicalion in said specified play nxKfo by mea^ 
said server. 

56. A method as defined in daim 55. wherein the mett^ further comprises the step of ffK:luding. in each of said mode 
code, a value ind«ative of one of a tree play mode, a charged ptey mode and al least m 

wherein said vokxne control data further comprises a Iknlt vakje associated with each of said at least one firnit- 
attached play mode. 

57. A method as defined In daim 55 or 56, wherein said volume control data further inckjdes a volume ID, an issue 
numbe, and an appTicatfon ID for each of said s^icationsi an^ 

tkx) in sakJ speckled play mode Modes an appGcattonpfa^ £9]plicatfon. 

58. A nwthod as deftrwdNi daim 57. wherein eediol said applications conte^^ 

has t>een encrypted with an encrypting key and said voliOTie contrd data includes a user^ pubfic key-erKrypted 
version of said encrypting key (a public k^-encrypted version encrypting key), and wfierein said appfication play 
step comprising the steps of: 

reading said user's pubfic key-encrypted encrypting key from said volume; 
obtain»Kl a user's seaet key wt«ch corresponds to said users pubifo key; 
deorypfing said users pubfic l^-encrypted encrypting key with sakJ user^ seorel key 
k^:and 

decrypting said desired appfication with said obtained encrypting key. 

59. A method as defned in daim 57, wherein each of said appfk^tions contained k\ a dlstnlxited eqsplkstion package 
has been encrypted with an encrypting key and said volume cortrol data mfodes a user^ public kay-encrypted 
veision of said encrypting k^ (a public k^-encrypted version encrypting key), and wherein said ^)priGatfon play 
step conprises the steps of: 

insaidserv^. 

retrieving an encrypting key by using said volume ID; 

retrianng a useTfe public k^ assodated with said vohirne ID and said issue nun^ 
doitile-encrypting sakJ enciTpting key with a pseudo ran^ 
ble encrypted data; 

sending said double-encrypted data to said dient; in said cGent 

obtarsng a user's secret key wtiich corresponds to said user's pii^iic key; 

ob^ing said er)crypting key by decrypting said douUe-encrypted data with said vsett secret key: 

decrypting saki desired application with said obtained encrypting key. 

60. A method as defined in daim 57. wherein sakJ step of playing said desired appiicationfurthef comprises the steps, 
executed prior to said applicatkNi play step, erf: 
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said server retrio^ing an expected play time aseodated wHh said desired appfication; and 
displaying said expected play time on a cfisplay device of sod cItenL 

61. A method as defined In daim 57, wherein said step d playing said desired 
of: 

measuring, as a measured play lime, a duration of said application play step; 
addtfHI said measured play time to a play time rneter associated «^ 
of play time; and 

displaying said measured piay time and said total amount of play time on a (fisplay de^ce of said cfient after 
said ^icalion play stepi 

62. A nrathod as defoiad in daim 61. wherein saki step of measuring a durati^ 
play time by using a timer of said server. 

6a. A method as defined in daim 61. wherein said stop of nrieasuring a duration 0^ 
play time ifiing a timer of said dient 

64. A method as defined in daim 57. wherein said dep of deciding to use one of predetermined piay modes oomprises 
deciding to use said charged play mode if said one of said mode oxJes assoctt^ 

indudes a value indicafive said charged play mode, and wherein said step of playing saki desk^ed appticafion 
comprises the steps of : 

said diem obtaining and sending a aedtt cat! number of said user to said serv^ 
proceeding to a next step only if the aecfit caid of said nunter is found to be va 
dated credt oompany; 

(fispl^ring. on a display device of said dient. a charge 1^ 

of said application play step and a total anxum of play charges after said appficatton play st^ 
said sen/er charging said play to said credit card number. 

65. A method as defined in dalm 64. wher^ said step of playing said desired appe^^ 
prior to said application play step^ of: 

displaying, prior to saM application play step, an expeded charge and an 
said display device; and 

letl^ the user decide whether to play said desired Qspiication. 

66. Am6thoda5defkiedindaim64,whereinsaidstepofs8idcliemobtainingan^ 
user to said server conprises the steps of : 

in said server. 

generating a pseudo random number; . . 

storing said pseudo random nunber in mmory: 
transmitting said pseudo random number to said dtent 

in said dient 

prompting said user to input said credit card number; 

doU3le-encrypting said crecSt card number first with said transmrfted random number and then with a 

sever's public key included in saki volume control data into a double-encrypted number: 

sliding said double-encrypted nimtoer to sakI server; in said sen/er. 

decrypting sard double-encrypted minber with a server's secret key into a decryptiadrand^ 

another decrypted data; and 

decrypting saki another decrypted data with saU transnvtted random number to otoin saU crecfit card 
number. 

67. A method as defined in daim 66, whereki sad step of sakj dient obtaining and sending a ae^ 
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user to said server further cornprises the steps, executed prior to said step of decryptino said another encrypted 
data, of: 

pnoceecfing to a next step only if said decrypted random nurpber ocwKides with said pseudo random number 
5 wfwh has been stored in said memory; and 

displaying a message informing a faikire in decryption and quitting the operation othenrvise. 

68. A method as ddined in dakn 57 wherein said step of deciding to use one of predetermi^ 

deciding to use one of said at least one Enut'^ttached pley mode if said one of said mode oodes associated wHh 
10 said desired appTicationindudes a value indicative of said one of sa^ and 
wtterein said step of playB\g said desired applicafion oonprises the step 0^^ 

in response to a determination that a meter value associated with said one of said mode a)des ass^^ 
said desired appScation in a record identified by said volume ID. said issue number mi an e^sf^caton 10 of 
IS said desired application in a volume data table has reached a limit value associBted with said mode code, dis- 

playing a message inlbnnnQ an overimit on a display device of said die^ 
play step. 

69. A method as defkied in claim 68. wher^ said Rnf^vakie is one of effective date a^ 
20 and time, a maximum amoint of play time, and an allcMrable access count 

7a A system for playing a distrixrted application pactage in one of predetermM 
wherein the appfication package contahs a data set encrypted wHh an erKTyp^ 

each of at least one appHcalion and volume control data for use in contro^ng operation of fhe system and the 
26 sender and the voiun>e control data inchjdes mode codes defnhig said play modes, tie system ccmprising: 

means for pernitting a user to select one of said at least one ^jplication of said 

means for deciding to use one of said predetennned play modes associated with one of said mode codes 
assi^ied to said selected application; and 
30 means for playing said selededappicatbn in said seleded play mode m concert wi^ 

71. A system as defined in daim 70, wherein eachofsakf mode codes includes one of values for a free plE^ mode, a 
chaiged play mode and at least one limit-attached pisy moda 

as 72. A system as dersned in daim 70. whereki said volume control data further indudes a vokmie ID. an issue number 
andanappOcatfon ID for each ol said applications, and wherein said means for playing said sde^ 
said selected play mode at least comprises: 

means for settffig said server for said seleded play mode by serKikig to said sen^ sM 
40 number, and the appHcation ID and said mode code associated with said selected application; and 

application play means for senply playing said specified application. 

73. A system as defined in claim 72. wherein said vdume control data further 
encrypting key. and wtterein said appGcation play nieans conprises: 

45 

means for reading said user^s public key-enaypted encrypting key from said volume: 

means for obtakiing a user's secret key which corresponds to said user's pubb'c key: 

means for decrypting said user's pul3lk; key-ercrypted encryptk^g k^ with said user's seaet key to obtain said 

VK^ypting key; and 

so means for decrypting the K-^ncrypted data set of said selected applk:atfon^ 

74. A system as defined in daim 73. wherein means for decrypting saki user's pi^ key-encrypted encrypting key and 
said means for decrypting the K-encrypted data set are realized as an integrated drcuit 

55 75, A system as defined in daim 72. wherein said ai^icatkxi play means conprises: 

means for receivfog dout)le-enaypted data from saU sen/er; 

means for obtaining a user^ secret key which a>n'espond8 to sakf user's pU36c key; 
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means for obtaining said encrypting key tjy decrypting said doubte-encrypted data with said user's secret toy; 
and 

means for decrypting the K-encrypted data set <rf sakJ selected appficalion wrth said obtah^ 

6 76. A system as defined in claim 75, wherein means for obtaining said ena 
the K-encrypted data set are reaiized as an integrated circuit 

77. A system as defined in dalm 74 or 76. wherein said integrated circuHi^ 
a user% secret key. 

10 

78. A system as defined in daim 73, wherein said n^ans for dedding to use one comp^ 
a free p(ay mode and wherein said meare for pl^ng sakl selected appficatto 
said application play meansi of: 

IS means for receiving data from said server; and 

displaying said data as an expected ptay time for said selected apptcalion. 

79. A system as defined « claim 73. wherein said means for deciding to use one of said predetenmiod ptey modes 
conprises nneans for deciding to use a free play mode, and wherein sai^ 

20 tfon further conprises: 

means for causffig said sender to obtain, as a measiared play tinie. data of a opeiBl^ 
play means: 

means for receiving firet and second from said server: and 
25 means for cEsplaylngJust after the conpletion of operatfon by said epplicc^ 

ond data as said measiffed r^y time and a total amoum of ^ time, data » 
total amount of play time. 

80. A system as defined in claim 79. wherein said means for causffig said sen/er to obtam 
30 conpr^ means for inforn^ said server g4 the start and the end cf operation fay saa^ 

utifize a timer of said server. 

81 . A system as d^ined in cfaim 79. wherein said means for causing said server to oMain data of a operation period 
comprises: 

means for measunng said operation period d said application play rn 
means for sending said operation period to said server for use in a calculi 

82. A system as defined in daim 72. whereki said means for ded(^ng to use one comprises means for deciding to use 
40 a charged play mode and wherein said means for playing said selected 

means for obtairHng and sending a aedit card number of said user to said serv^ 

nteans responsve to a verif icatron result of said aec^ card from said server for starting a next process on ly if 
said residt is positive; and 

45 nieans for dtsplaybg a charge lor play decided based on a measured play time of said ^ 

and a total annum of play charges after operation of said appfication play rnean^ 

83. A system as defined in daim 82, wherein said means for playing said selected application further comprises: 

60 means activated prior to operation of said application f^ay means for displayvig an expected charge and an 

e)pected total amount of charges and letting the user decide whether to 

84. A system as defhedtfi daim 82. wherein said volume control data of saM 

indudes a sei/er's public key, and wher^ said means for obtairnng and sending a aedft 
55 to said server comprises: 

means for prompting said user to irput said credit card fttirrfoer; 
means tor receiving a random number from said server; 
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meaf« for obtaining sa^&erver'e public key ffxxn said vohmie; 
means for double-encrypting said orocfit card nunr^ 
public key into a double-encrypted data; 
sending said double^encrypted rHsrrber to said server; 

6 

85. A6ysteniasderuiedinclann84. wtiereinsaidnneansforsaiddlentob^^ 
said user to said server furlher comprises: 

means responsive to a positive resutt of fEUidom number check from said senior fv 
10 means responsive to a negative result of said mndom Hunger check from sakj server for d«^ 

indicative of a failure in said random nunf4)er check and quittHH) 

86. A system as defined in dakn 72, wfierein: 

15 said means tor decidlfig to use one comprises means tor deciding to use a lim^ 

said sending to sfiad server includes sending a limit value assodaled with said nvde code, and wfierein said 
means tor playing said seiected appHcatton further oonprises: 

n^ans operative prior to operation of said application play means for receiving from said server a lirrat cfieck 
result indicative of whether a limit value associated with said mode code has been reached; and 
20 means responsive to an gw Iknt case of said resutt for startvig a next operatfoa 

87. A system as defined in dakn 66. wherein said lirnitvakie is <me of effective 
and time, a maxin«jm amount of play time* and an alkiwalsle access oou^ 

25 88. A system for controlling through a conmimkatfonn^wofk a diem de^ 

in one of predeterrrwied play modes, whereei the appficatton package contains a data set encrypted with an 
erK^rypting key (a K-encrypted data set) for each of at least one cqipti^ 

troliing operation of the system and ^e diem and the voh^ control data includes a volume si issue nurrber. 
an application ID for each d said appficattons, and a rnode code for sakivolunrie or nude codes for sM 
so tions. the system oorrprising: 

volurra data table for storing, for each volume, said vc^ime ID, said issue number, said mode code for said 
ume, and said applicatfon ID and said mode code for each of said appficatfons; 

means for receiving a s^ce request a vokime ID. an issue number, an api^cation ID and a mode code and 
36 other (tela from said dient; 

means for storing saki received applfoation ID, said received mode code and other data in appropriate fietos of 
a record identified by said volurne ID and said issue nuTfoen 

means responsive to a determinatfon that there is no record identified by said volume ID and said issue number 
in sffld vdurne dala table for adcfing said record in saki vokjme data 1^ 
40 ID and mode code and sakJ other data In relevant fields of sakt record; and 

means operath/e on the basis of sati received mode code for decking to subsequ the control to 

means for SMpporting a play rnode associated said received iTtode coda 

89. A system ^defined in claim 88. wherein saki means for s^sporling a pfoyn^ 

45 porting applicatfon play means, of dient for sinrply playing an applicatfon klentified by sakf received application ID, 
and wherein sad means for si^^porting sakl appBcatfon play means of saki dient comprises: 

first means for associating a given volume ID with a conresponcf ng encrypting key; 
second means for associating both a given vokime ID and issue number with a oonesponding user^ public 
« key; 

means for retrieving an encrypting key associated with said rec^ved v^ 

means for retrieving a user's public key associated wHh sakf received votune ID and issue number from sakf 
second means; 

rr^ans for doude-encrypting sakf encrypting key with a pseudo random nu^ 
S5 a double encrypted data; and 

senSng sakf double-encrypted data to sakl dient 

90. A system as defined in daim 89. fortherconprisng an applkatkind^ 
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cation, wher^n said received mode code defines a free play nnode. and wherein said means for &i4)porting a pl^ 
nKXieassocialed said received mode code comprises; 

nr>eans. activated prior to an operation of said means lor SMPportlng application play mears of said dierH. for 
5 retrievng an eiqDected play time associated with said received application I D from said application data table; 

and 

nmns for sending said 69;)ecled play time to said dient 

91. A system as defined in daim 89« where^ said received mode code d^es a free play mode, and wherein said 
10 means for supporting a play mode assocated said received mode code conprises: 

means for measuring, as a measu'ed play time, a duration of application plcy^ 

means for addkig said measured play linie to a play time meter associated vvith said receivad nKide code In 
said volume data table to obtain a total amount of piay tinie; and 
IS means for sending said Pleasured play time and said total anx)um of play tini^ 

92. A system as defffied in claim 91. wtierein said means for measunng a <^jfattoncon^ 

means responsive to a notice of the start of operation by said application pl^ means 
20 atimer^and 

means responsive to a notice of the end of said opeiHllon for stopping sak^ 

93. A system as defined in daim 91, wherein said nieans for nieasuring a dumt^ 
25 means for receivhg a measured duration from said dienl. 

94. A system as defined in daim 88. wher^n said recewed mode code defines a ch^ 
means for stflxxting a play mode associated said reoenred mode code 

50 means for receiving a aedit card number of said user from said server; 

means, responsive to a detenmination, from a verification of said aedit card nuitoer. that said credit card 
number is not vaid. for infonmg said dient of ffivalidit^ 
a play mode; 

means, responsive to a determination, from said verification of said crscfit card number, that said credit card 
35 number is valid, for informrig said client of a validity and prooeecfing to a next operation; and 

means for enlarging said play to saU credit card nunfoer. 

95. A system as defred in claim 94. wherein said means for scpporting a play mode associated said received nrxtde 
code furtf)er oonprises: 

40 

means activated prior to operation of said appGcation play means of said c6ent for retrieving an en>ected 
chtfge from said application data table by uskig said received application ID; 

means for calculating a sum of said eoq^ected charge and a value of a charge meter associated with said 
received volume ID or application ID depending on said received mode code; 
45 means operative prior to operation of said application play means for sendmg said expeded charge and said 

sumtosaiddient;and 

means responsive to a receipt of a message of <^ng for quitting said means 

96. A system as defined in dalm 94, wherein siaid means for receiving a credit card nuni>er of said user from said 
60 server comprises: 

means for generating a pseudo random number; 
means for storing said pseudo random number in menxiry; 
means for transmitting said pseudo random number to said dient 
65 means for waiting for a double-enciypted data from said dient; 

means for obtakiing a server's secret key; 

means for deaypting said doubte-encrypted number with said server's seaet key into a decrypted random 
nunfoer and another decrypted data; and 
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means for decrypting said anolher encrypted data with said transmitted random number to otnain said aedit 
card mrrbec. 

97. A system as defined in daim 96. wftierein said means iorotTfiainB^ 
6 said usei^ secret key from a portalsle memory of said user. 

9a. A system as defined in daim 96, wherein said means for reoeivino a crecit card nunter of said user from said 
serv^ further oonprises: 

10 means responsive to a detenT«)atx)a made prior to sai^ 

number coincides with said pseudo random ramt>er«vtw^ 
ble message to said dient and proceeding to a next operEdion; and 

means responsive to a determination, m^e prior to said decryptnig said anofther. that said decrypted random 
niiit)er does not cdndde with sakj pseudo random rmn^ 
15 a disabf e message to said cfient and quitting said supporting a pl^ moda 

99. A system as deTned in daim 88. wherein: 

said receisred mode code ddines a linit^attached piay nxxte; and 
20 mBam tor receiving a service request further receives a ymrt value associated with said mode code, and 

whereffi said nmns tor sifsporting a piay mode associated said received n^ 

nieans for proceeding to a next operation only if the value of a sofhfvare 

on said vdume data iatiiB is under said Smit vaAue: and 

means tor sencing a Riessage inforn^ an over IMt to said ciem and qt^ 
ss supporting a play niode associated said received nfK)de code if the v^ 

said mode code in said vokime data table is nm under said linvt vti 

100. A system as defned in datm 99, wher^n said limit vakie is one of eff 

and time, a maximum arnount ctf play time, and an allQw^ access count 

30 

1 01 JV ^em as def ined in arr/ Oil daims 54. 73 and 7S. whereh eaid means lor obte^^ 
means for reading said user's seaet key from a portable menriory otf 8^ 

1 ittA system as defined in daim 28 or 29, wherein said means for obtaining said seaet key comprises means for read- 
S5 ing said user's secret key from a pcvtable memory of said user. 

103JV method as defined in any of daims 10. 11. 19. 21. 22 and 55. wherein sai^ 
package media. 

40 1 04^ method as defined in daim 1 03. wherein said package media is of a writeonce type, and seid dient is a system 
cs^^sMe erf playing said package media of said wrrte-once type. 

105.An appltcatfon package as defined in dam 1. wheron said package meda Is distributed to a piffchaser thereof a 
a subscriber thereof via a transmission media. 

45 

106 JV system as defined in ffiy of claims 28. 29, 37, 39. 40. 70 and 88. wherein sakf application package is recorded 
onapadOKI^mecSa. 

1 07. A system as defined in daim 1 06, wherevi said appOcatfon padoge is recorded on a package media <rf a write- 
50 oncetypa 

1 08. A system as defned in daim 1 06. wherein at least a part of said vokime control data is recocded. after manufac- 
turing said package media. 01 an area different from a data area where said at least one appficalion is recorded. 

55 109JV system as defrted in daim 108. wherein said dient is a system provided with means for playing said package 
mecfia of sakJ writeKKice type. 

MOJK system as dtf ined in any of claims 28. 29. 37. 39, 40. 70 and 88. wherein said applicatfon package is recorded 
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on a OVO and at least a part of said volume control (lata ina 
BC^ (UiTst cutting area) of the DV^D, arKi w^ein sa^ 

11 1^ method as defined in any of daims 10, 11, 19. 21. 22. 43 and 55, wherein the application packsge has t>eendis* 
trt)uted to a purchaser thereof or a 5Ut>saber via a tiansmissf on made 
dala has t)een acUed to saki application package after preparing saM 

112^ system as defined in any of claims 28. 29. 37, 39, 40. 49. 70 and 88, wherem said application package has been 
distributed to a purchaser tfiereof or a sdtxcrbeif thereof via a transnisston mecfa and at least a part of said vol- 
ume oontrd data has beem added to said application package after preparing said application package 
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